PHP Changelog

What's new in PHP 7.1.26

January 11th, 2019
  • Core:
  • Fixed bug #77369 (memcpy with negative length via crafted DNS response).
  • GD:
  • Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free).
  • Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap).
  • IMAP:
  • Fixed bug #77020 (null pointer dereference in imap_mail).
  • Mbstring:
  • Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token).
  • Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node).
  • Fixed bug #77381 (heap buffer overflow in multibyte match_at).
  • Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string).
  • Fixed bug #77385 (buffer overflow in fetch_token).
  • Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode).
  • Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code).
  • Phar:
  • Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext).
  • Xmlrpc:
  • Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()).
  • Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code).

New in PHP 7.3.1 (January 10th, 2019)

  • Core:
  • Fixed bug #76654 (Build failure on Mac OS X on 32-bit Intel).
  • Fixed bug #71041 (zend_signal_startup() needs ZEND_API).
  • Fixed bug #76046 (PHP generates "FE_FREE" opcode on the wrong line).
  • Fixed bug #77291 (magic methods inherited from a trait may be ignored).
  • CURL:
  • Fixed bug #77264 (curl_getinfo returning microseconds, not seconds).
  • COM:
  • Fixed bug #77177 (Serializing or unserializing COM objects crashes).
  • Exif:
  • Fixed bug #77184 (Unsigned rational numbers are written out as signed rationals).
  • GD:
  • Fixed bug #77195 (Incorrect error handling of imagecreatefromjpeg()).
  • Fixed bug #77198 (auto cropping has insufficient precision).
  • Fixed bug #77200 (imagecropauto(…, GD_CROP_SIDES) crops left but not right).
  • Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free).
  • Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap).
  • MBString:
  • Fixed bug #77367 (Negative size parameter in mb_split).
  • Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token).
  • Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node).
  • Fixed bug #77381 (heap buffer overflow in multibyte match_at).
  • Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string).
  • Fixed bug #77385 (buffer overflow in fetch_token).
  • Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode).
  • Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code).
  • OCI8:
  • Fixed bug #76804 (oci_pconnect with OCI_CRED_EXT not working).
  • Added oci_set_call_timeout() for call timeouts.
  • Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.
  • Opcache:
  • Fixed bug #77215 (CFG assertion failure on multiple finalizing switch frees in one block).
  • Fixed bug #77275 (OPcache optimization problem for ArrayAccess->offsetGet).
  • PCRE:
  • Fixed bug #77193 (Infinite loop in preg_replace_callback).
  • PDO:
  • Handle invalid index passed to PDOStatement::fetchColumn() as error.
  • Phar:
  • Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext).
  • Soap:
  • Fixed bug #77088 (Segfault when using SoapClient with null options).
  • Sockets:
  • Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS).
  • Sodium:
  • Fixed bug #77297 (SodiumException segfaults on PHP 7.3).
  • SPL:
  • Fixed bug #77359 (spl_autoload causes segfault).
  • Fixed bug #77360 (class_uses causes segfault).
  • SQLite3:
  • Fixed bug #77051 (Issue with re-binding on SQLite3).
  • Xmlrpc:
  • Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()).
  • Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code).

New in PHP 7.2.14 (January 10th, 2019)

  • Core:
  • Fixed bug #77369 (memcpy with negative length via crafted DNS response).
  • Fixed bug #71041 (zend_signal_startup() needs ZEND_API).
  • Fixed bug #76046 (PHP generates "FE_FREE" opcode on the wrong line).
  • COM:
  • Fixed bug #77177 (Serializing or unserializing COM objects crashes).
  • Date:
  • Fixed bug #77097 (DateTime::diff gives wrong diff when the actual diff is less than 1 second).
  • Exif:
  • Fixed bug #77184 (Unsigned rational numbers are written out as signed rationals).
  • GD:
  • Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free).
  • Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap).
  • Fixed bug #77195 (Incorrect error handling of imagecreatefromjpeg()).
  • Fixed bug #77198 (auto cropping has insufficient precision).
  • Fixed bug #77200 (imagecropauto(…, GD_CROP_SIDES) crops left but not right).
  • IMAP:
  • Fixed bug #77020 (null pointer dereference in imap_mail).
  • Mbstring:
  • Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token).
  • Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node).
  • Fixed bug #77381 (heap buffer overflow in multibyte match_at).
  • Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string).
  • Fixed bug #77385 (buffer overflow in fetch_token).
  • Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode).
  • Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code).
  • OCI8:
  • Fixed bug #76804 (oci_pconnect with OCI_CRED_EXT not working).
  • Added oci_set_call_timeout() for call timeouts.
  • Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.
  • Opcache:
  • Fixed bug #77215 (CFG assertion failure on multiple finalizing switch frees in one block).
  • PDO:
  • Handle invalid index passed to PDOStatement::fetchColumn() as error.
  • Phar:
  • Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext).
  • Sockets:
  • Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS).
  • SQLite3:
  • Fixed bug #77051 (Issue with re-binding on SQLite3).
  • Xmlrpc:
  • Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()).
  • Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code).

New in PHP 7.0.33 (December 7th, 2018)

  • Core:
  • Fixed bug #77231 (Segfault when using convert.quoted-printable-encode filter).
  • IMAP:
  • Fixed bug #77020 (null pointer dereference in imap_mail).
  • Fixed bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter).
  • Phar:
  • Fixed bug #77022 (PharData always creates new files with mode 0666).
  • Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile).

New in PHP 7.3.0 (December 7th, 2018)

  • Core:
  • Improved PHP GC.
  • Redesigned the old ext_skel program written in PHP, run: 'php ext_skel.php' for all options. This means there are no dependencies, thus making it work on Windows out of the box.
  • Removed support for BeOS.
  • Add PHP_VERSION to phpinfo() .
  • Add net_get_interfaces().
  • Implemented flexible heredoc and nowdoc syntax, per RFC http://wiki.php.net/rfc/flexible_heredoc_nowdoc_syntaxes.
  • Added support for references in list() and array destructuring, per RFC http://wiki.php.net/rfc/list_reference_assignment.
  • Improved effectiveness of ZEND_SECURE_ZERO for NetBSD and systems without native similar feature.
  • Added syslog.facility and syslog.ident INI entries for customizing syslog logging.
  • Fixed bug #75683 (Memory leak in zend_register_functions() in ZTS mode).
  • Fixed bug #75031 (support append mode in temp/memory streams).
  • Fixed bug #74860 (Uncaught exceptions not being formatted properly when error_log set to "syslog").
  • Fixed bug #75220 (Segfault when calling is_callable on parent).
  • Fixed bug #69954 (broken links and unused config items in distributed ini files).
  • Fixed bug #74922 (Composed class has fatal error with duplicate, equal const properties).
  • Fixed bug #63911 (identical trait methods raise errors during composition).
  • Fixed bug #75677 (Clang ignores fastcall calling convention on variadic function).
  • Fixed bug #54043 (Remove inconsitency of internal exceptions and user defined exceptions).
  • Fixed bug #53033 (Mathematical operations convert objects to integers).
  • Fixed bug #73108 (Internal class cast handler uses integer instead of float).
  • Fixed bug #75765 (Fatal error instead of Error exception when base class is not found).
  • Fixed bug #76198 (Wording: "iterable" is not a scalar type).
  • Fixed bug #76137 (config.guess/config.sub do not recognize RISC-V).
  • Fixed bug #76427 (Segfault in zend_objects_store_put).
  • Fixed bug #76422 (ftruncate fails on files > 2GB).
  • Fixed bug #76509 (Inherited static properties can be desynchronized from their parent by ref).
  • Fixed bug #76439 (Changed behaviour in unclosed HereDoc).
  • Fixed bug #63217 (Constant numeric strings become integers when used as ArrayAccess offset).
  • Fixed bug #33502 (Some nullary functions don't check the number of arguments).
  • Fixed bug #76392 (Error relocating sapi/cli/php: unsupported relocation type 37).
  • The declaration and use of case-insensitive constants has been deprecated.
  • Added syslog.filter INI entry for syslog filtering.
  • Fixed bug #76667 (Segfault with divide-assign op and __get + __set).
  • Fixed bug #76030 (RE2C_FLAGS rarely honoured) (Cristian Rodríguez)
  • Fixed broken zend_read_static_property (Laruence)
  • Fixed bug #76773 (Traits used on the parent are ignored for child classes).
  • Fixed bug #76767 (‘asm’ operand has impossible constraints in zend_operators.h).
  • Fixed bug #76752 (Crash in ZEND_COALESCE_SPEC_TMP_HANDLER - assertion in _get_zval_ptr_tmp failed).
  • Fixed bug #76820 (Z_COPYABLE invalid definition).
  • Fixed bug #76510 (file_exists() stopped working for phar://).
  • Fixed bug #76869 (Incorrect bypassing protected method accessibilty check).
  • Fixed bug #72635 (Undefined class used by class constant in constexpr generates fatal error).
  • Fixed bug #76947 (file_put_contents() blocks the directory of the file (__DIR__)).
  • Fixed bug #76979 (define() error message does not mention resources as valid values).
  • Fixed bug #76825 (Undefined symbols ___cpuid_count).
  • Fixed bug #77110 (undefined symbol zend_string_equal_val in C++ build).
  • Fixed bug #77231 (Segfault when using convert.quoted-printable-encode filter).
  • BCMath:
  • Implemented FR #67855 (No way to get current scale in use).
  • Fixed bug #66364 (BCMath bcmul ignores scale parameter).
  • Fixed bug #75164 (split_bc_num() is pointless).
  • Fixed bug #75169 (BCMath errors/warnings bypass PHP's error handling).
  • CLI:
  • Fixed bug #44217 (Output after stdout/stderr closed cause immediate exit with status 0).
  • Fixed bug #77111 (php-win.exe corrupts unicode symbols from cli parameters).
  • cURL:
  • Expose curl constants from curl 7.50 to 7.61.
  • Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).
  • Date:
  • Implemented FR #74668: Add DateTime::createFromImmutable() method.
  • Fixed bug #75222 (DateInterval microseconds property always 0).
  • Fixed bug #68406 (calling var_dump on a DateTimeZone object modifies it).
  • Fixed bug #76131 (mismatch arginfo for date_create).
  • Updated timelib to 2018.01RC1 to address several bugs:
  • Fixed bug #75577 (DateTime::createFromFormat does not accept 'v' format specifier).
  • Fixed bug #75642 (Wrap around behaviour for microseconds is not working).
  • Fixed bug #77097 (DateTime::diff gives wrong diff when the actual diff is less than 1 second).
  • DBA:
  • Fixed bug #75264 (compiler warnings emitted).
  • DOM:
  • Fixed bug #76285 (DOMDocument::formatOutput attribute sometimes ignored).
  • Fileinfo:
  • Fixed bug #77095 (slowness regression in 7.2/7.3 (compared to 7.1)).
  • Filter:
  • Added the 'add_slashes' sanitization mode (FILTER_SANITIZE_ADD_SLASHES).
  • FPM:
  • Added fpm_get_status function.
  • Fixed bug #62596 (getallheaders() missing with PHP-FPM).
  • Fixed bug #69031 (Long messages into stdout/stderr are truncated incorrectly) - added new log related FPM configuration options: log_limit, log_buffering and decorate_workers_output.
  • ftp:
  • Fixed bug #77151 (ftp_close(): SSL_read on shutdown).
  • GD:
  • Added support for WebP in imagecreatefromstring().
  • GMP:
  • Export internal structures and accessor helpers for GMP object.
  • Added gmp_binomial(n, k).
  • Added gmp_lcm(a, b).
  • Added gmp_perfect_power(a).
  • Added gmp_kronecker(a, b).
  • iconv:
  • Fixed bug #53891 (iconv_mime_encode() fails to Q-encode UTF-8 string).
  • Fixed bug #77147 (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).
  • IMAP:
  • Fixed bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter).
  • Fixed bug #77020 (null pointer dereference in imap_mail).
  • Interbase:
  • Fixed bug #75453 (Incorrect reflection for ibase_[p]connect).
  • Fixed bug #76443 (php+php_interbase.dll crash on module_shutdown).
  • intl:
  • Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead of destination).
  • Fixed bug #76829 (Incorrect validation of domain on idn_to_utf8() function).
  • JSON:
  • Added JSON_THROW_ON_ERROR flag.
  • LDAP:
  • Added ldap_exop_refresh helper for EXOP REFRESH operation with dds overlay.
  • Added full support for sending and parsing ldap controls.
  • Fixed bug #49876 (Fix LDAP path lookup on 64-bit distros).
  • libxml2:
  • Fixed bug #75871 (use pkg-config where available).
  • litespeed:
  • Fixed bug #75248 (Binary directory doesn't get created when building only litespeed SAPI).
  • Fixed bug #75251 (Missing program prefix and suffix).
  • MBstring:
  • Updated to Oniguruma 6.9.0.
  • Fixed bug #65544 (mb title case conversion-first word in quotation isn't capitalized).
  • Fixed bug #71298 (MB_CASE_TITLE misbehaves with curled apostrophe/quote).
  • Fixed bug #73528 (Crash in zif_mb_send_mail).
  • Fixed bug #74929 (mbstring functions version 7.1.1 are slow compared to 5.3 on Windows).
  • Fixed bug #76319 (mb_strtolower with invalid UTF-8 causes segmentation fault).
  • Fixed bug #76574 (use of undeclared identifiers INT_MAX and LONG_MAX).
  • Fixed bug #76594 (Bus Error due to unaligned access in zend_ini.c OnUpdateLong).
  • Fixed bug #76706 (mbstring.http_output_conv_mimetypes is ignored).
  • Fixed bug #76958 (Broken UTF7-IMAP conversion).
  • Fixed bug #77025 (mb_strpos throws Unknown encoding or conversion error).
  • Fixed bug #77165 (mb_check_encoding crashes when argument given an empty array).
  • Mysqlnd:
  • Fixed bug #76386 (Prepared Statement formatter truncates fractional seconds from date/time column).
  • ODBC:
  • Removed support for ODBCRouter.
  • Removed support for Birdstep.
  • Fixed bug #77079 (odbc_fetch_object has incorrect type signature).
  • Opcache:
  • Fixed bug #76466 (Loop variable confusion).
  • Fixed bug #76463 (var has array key type but not value type).
  • Fixed bug #76446 (zend_variables.c:73: zend_string_destroy: Assertion `!(zval_gc_flags((str)->gc)).
  • Fixed bug #76711 (OPcache enabled triggers false-positive "Illegal string offset").
  • Fixed bug #77058 (Type inference in opcache causes side effects).
  • Fixed bug #77092 (array_diff_key() - segmentation fault).
  • OpenSSL:
  • Added openssl_pkey_derive function.
  • Add min_proto_version and max_proto_version ssl stream options as well as related constants for possible TLS protocol values.
  • PCRE:
  • Implemented http://wiki.php.net/rfc/pcre2-migration.
  • Upgrade PCRE2 to 10.32.
  • Fixed bug #75355 (preg_quote() does not quote # control character).
  • Fixed bug #76512 (w no longer includes unicode characters).
  • Fixed bug #76514 (Regression in preg_match makes it fail with PREG_JIT_STACKLIMIT_ERROR).
  • Fixed bug #76909 (preg_match difference between 7.3 and < 7.3).
  • PDO_DBlib:
  • Implemented FR #69592 (allow 0-column rowsets to be skipped automatically).
  • Expose TDS version as PDO::DBLIB_ATTR_TDS_VERSION attribute on PDO instance.
  • Treat DATETIME2 columns like DATETIME.
  • Fixed bug #74243 (allow locales.conf to drive datetime format).
  • PDO_Firebird:
  • Fixed bug #74462 (PDO_Firebird returns only NULLs for results with boolean for FIREBIRD >= 3.0).
  • PDO_OCI:
  • Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up).
  • PDO SQLite:
  • Add support for additional open flags
  • pgsql:
  • Added new error constants for pg_result_error(): PGSQL_DIAG_SCHEMA_NAME, PGSQL_DIAG_TABLE_NAME, PGSQL_DIAG_COLUMN_NAME, PGSQL_DIAG_DATATYPE_NAME, PGSQL_DIAG_CONSTRAINT_NAME and PGSQL_DIAG_SEVERITY_NONLOCALIZED.
  • Fixed bug #77047 (pg_convert has a broken regex for the 'TIME WITHOUT TIMEZONE' data type).
  • phar:
  • Fixed bug #74991 (include_path has a 4096 char limit in some cases).
  • Fixed bug #65414 (deal with leading slash when adding files correctly).
  • Fixed bug #77022 (PharData always creates new files with mode 0666).
  • Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile).
  • readline:
  • Added completion_append_character and completion_suppress_append options to readline_info() if linked against libreadline.
  • Session:
  • Fixed bug #74941 (session fails to start after having headers sent).
  • SimpleXML:
  • Fixed bug #54973 (SimpleXML casts integers wrong).
  • Fixed bug #76712 (Assignment of empty string creates extraneous text node).
  • Sockets:
  • Fixed bug #67619 (Validate length on socket_write).
  • SOAP:
  • Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders).
  • Fixed bug #70469 (SoapClient generates E_ERROR even if exceptions=1 is used).
  • Fixed bug #50675 (SoapClient can't handle object references correctly).
  • Fixed bug #76348 (WSDL_CACHE_MEMORY causes Segmentation fault).
  • Fixed bug #77141 (Signedness issue in SOAP when precision=-1).
  • SPL:
  • Fixed bug #74977 (Appending AppendIterator leads to segfault).
  • Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop).
  • Fixed bug #74372 (autoloading file with syntax error uses next autoloader, may hide parse error).
  • Fixed bug #75878 (RecursiveTreeIterator::setPostfix has wrong signature).
  • Fixed bug #74519 (strange behavior of AppendIterator).
  • Fixed bug #76131 (mismatch arginfo for splarray constructor).
  • SQLite3:
  • Updated bundled libsqlite to 3.24.0.
  • Standard:
  • Added is_countable() function.
  • Added support for the SameSite cookie directive, including an alternative signature for setcookie(), setrawcookie() and session_set_cookie_params().
  • Remove superfluous warnings from inet_ntop()/inet_pton().
  • Fixed bug #75916 (DNS_CAA record results contain garbage).
  • Fixed unserialize(), to disable creation of unsupported data structures through manually crafted strings.
  • Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
  • Fixed bug #74719 (fopen() should accept NULL as context).
  • Fixed bug #69948 (path/domain are not sanitized in setcookie).
  • Fixed bug #75996 (incorrect url in header for mt_rand).
  • Added hrtime() function, to get high resolution time.
  • Fixed bug #48016 (stdClass::__setState is not defined although var_export() uses it).
  • Fixed bug #76136 (stream_socket_get_name should enclose IPv6 in brackets).
  • Fixed bug #76688 (Disallow excessive parameters after options array).
  • Fixed bug #76713 (Segmentation fault caused by property corruption).
  • Fixed bug #76755 (setcookie does not accept "double" type for expire time).
  • Fixed bug #76674 (improve array_* failure messages exposing what was passed instead of an array).
  • Fixed bug #76803 (ftruncate changes file pointer).
  • Fixed bug #76818 (Memory corruption and segfault).
  • Fixed bug #77081 (ftruncate() changes seek pointer in c mode).
  • Testing:
  • Implemented FR #62055 (Make run-tests.php support --CGI-- sections).
  • Tidy:
  • Support using tidyp instead of tidy.
  • Fixed bug #74707 (Tidy has incorrect ReflectionFunction param counts for functions taking tidy).
  • Fixed arginfo for tidy::__construct().
  • Tokenizer:
  • Fixed bug #76437 (token_get_all with TOKEN_PARSE flag fails to recognise close tag).
  • Fixed bug #75218 (Change remaining uncatchable fatal errors for parsing into ParseError).
  • Fixed bug #76538 (token_get_all with TOKEN_PARSE flag fails to recognise close tag with newline).
  • Fixed bug #76991 (Incorrect tokenization of multiple invalid flexible heredoc strings).
  • XML:
  • Fixed bug #71592 (External entity processing never fails).
  • Zlib:
  • Added zlib/level context option for compress.zlib wrapper.

New in PHP 7.1.24 (November 9th, 2018)

  • Core:
  • Fixed bug #76946 (Cyclic reference in generator not detected).
  • Fixed bug #77035 (The phpize and ./configure create redundant .deps file).
  • Fixed bug #77041 (buildconf should output error messages to stderr) (Mizunashi Mana)
  • Date:
  • Fixed bug #75851 (Year component overflow with date formats "c", "o", "r" and "y").
  • FCGI:
  • Fixed bug #76948 (Failed shutdown/reboot or end session in Windows).
  • Fixed bug #76954 (apache_response_headers removes last character from header name).
  • FTP:
  • Fixed bug #76972 (Data truncation due to forceful ssl socket shutdown).
  • intl:
  • Fixed bug #76942 (U_ARGUMENT_TYPE_MISMATCH).
  • Standard:
  • Fixed bug #76965 (INI_SCANNER_RAW doesn't strip trailing whitespace).
  • Tidy:
  • Fixed bug #77027 (tidy::getOptDoc() not available on Windows).
  • XML:
  • Fixed bug #30875 (xml_parse_into_struct() does not resolve entities).
  • Add support for getting SKIP_TAGSTART and SKIP_WHITE options.

New in PHP 7.2.12 (November 8th, 2018)

  • Core:
  • Fixed bug #76846 (Segfault in shutdown function after memory limit error).
  • Fixed bug #76946 (Cyclic reference in generator not detected).
  • Fixed bug #77035 (The phpize and ./configure create redundant .deps file).
  • Fixed bug #77041 (buildconf should output error messages to stderr) (Mizunashi Mana)
  • Date:
  • Upgraded timelib to 2017.08.
  • Fixed bug #75851 (Year component overflow with date formats "c", "o", "r" and "y").
  • Fixed bug #77007 (fractions in `diff()` are not correctly normalized).
  • FCGI:
  • Fixed bug #76948 (Failed shutdown/reboot or end session in Windows).
  • Fixed bug #76954 (apache_response_headers removes last character from header name).
  • FTP:
  • Fixed bug #76972 (Data truncation due to forceful ssl socket shutdown).
  • intl:
  • Fixed bug #76942 (U_ARGUMENT_TYPE_MISMATCH).
  • Reflection:
  • Fixed bug #76936 (Objects cannot access their private attributes while handling reflection errors).
  • Fixed bug #66430 (ReflectionFunction::invoke does not invoke closure with object scope).
  • Sodium:
  • Some base64 outputs were truncated; this is not the case any more.
  • block sizes >= 256 bytes are now supposed by sodium_pad() even when an old version of libsodium has been installed.
  • Fixed bug #77008 (sodium_pad() could read (but not return nor write) uninitialized memory when trying to pad an empty input).
  • Standard:
  • Fixed bug #76965 (INI_SCANNER_RAW doesn't strip trailing whitespace).
  • Tidy:
  • Fixed bug #77027 (tidy::getOptDoc() not available on Windows).
  • XML:
  • Fixed bug #30875 (xml_parse_into_struct() does not resolve entities).
  • Add support for getting SKIP_TAGSTART and SKIP_WHITE options.
  • XMLRPC:
  • Fixed bug #75282 (xmlrpc_encode_request() crashes).

New in PHP 7.2.11 (October 16th, 2018)

  • Core:
  • Fixed bug #76800 (foreach inconsistent if array modified during loop).
  • Fixed bug #76901 (method_exists on SPL iterator passthrough method corrupts memory).
  • CURL:
  • Fixed bug #76480 (Use curl_multi_wait() so that timeouts are respected).
  • iconv:
  • Fixed bug #66828 (iconv_mime_encode Q-encoding longer than it should be).
  • Opcache:
  • Fixed bug #76832 (ZendOPcache.MemoryBase periodically deleted by the OS).
  • Fixed bug #76796 (Compile-time evaluation of disabled function in opcache causes segfault).
  • POSIX:
  • Fixed bug #75696 (posix_getgrnam fails to print details of group).
  • Reflection:
  • Fixed bug #74454 (Wrong exception being thrown when using ReflectionMethod).
  • Standard:
  • Fixed bug #73457 (Wrong error message when fopen FTP wrapped fails to open data connection).
  • Fixed bug #74764 (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).
  • Fixed bug #75533 (array_reduce is slow when $carry is large array).
  • XMLRPC:
  • Fixed bug #76886 (Can't build xmlrpc with expat).
  • Zlib:
  • Fixed bug #75273 (php_zlib_inflate_filter() may not update bytes_consumed).

New in PHP 7.1.23 (October 16th, 2018)

  • Core:
  • Fixed bug #76901 (method_exists on SPL iterator passthrough method corrupts memory).
  • Fixed bug #76846 (Segfault in shutdown function after memory limit error).
  • CURL:
  • Fixed bug #76480 (Use curl_multi_wait() so that timeouts are respected).
  • iconv:
  • Fixed bug #66828 (iconv_mime_encode Q-encoding longer than it should be).
  • Opcache:
  • Fixed bug #76832 (ZendOPcache.MemoryBase periodically deleted by the OS).
  • POSIX:
  • Fixed bug #75696 (posix_getgrnam fails to print details of group).
  • Reflection:
  • Fixed bug #74454 (Wrong exception being thrown when using ReflectionMethod).
  • Standard:
  • Fixed bug #73457 (Wrong error message when fopen FTP wrapped fails to open data connection).
  • Fixed bug #74764 (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).
  • Fixed bug #75533 (array_reduce is slow when $carry is large array).
  • Zlib:
  • Fixed bug #75273 (php_zlib_inflate_filter() may not update bytes_consumed).

New in PHP 7.3.0 RC 2 (September 28th, 2018)

  • CURL:
  • Fixed bug #76480 (Use curl_multi_wait() so that timeouts are respected). (Pierrick)
  • Core:
  • Fixed bug #76869 (Incorrect bypassing protected method accessibilty check). (Dmitry)
  • Fixed bug #76800 (foreach inconsistent if array modified during loop). (Dmitry)
  • Fixed bug #76901 (method_exists on SPL iterator passthrough method corrupts memory). (Nikita)
  • iconv:
  • Fixed bug #66828 (iconv_mime_encode Q-encoding longer than it should be). (cmb)
  • Opcache:
  • Fixed bug #76711 (OPcache enabled triggers false-positive "Illegal string offset"). (Dmitry)
  • PCRE:
  • Upgrade PCRE2 to 10.32. (Anatol)
  • Fixed bug #76909 (preg_match difference between 7.3 and < 7.3). (Anatol)
  • Standard:
  • Fixed bug #75533 (array_reduce is slow when $carry is large array). (Manabu Matsui)
  • XMLRPC:
  • Fixed bug #76886 (Can't build xmlrpc with expat). (Thomas Petazzoni, cmb)

New in PHP 7.3.0 RC 1 (September 14th, 2018)

  • Core:
  • Fixed bug #76825 (Undefined symbols ___cpuid_count). (Laruence)
  • Fixed bug #76820 (Z_COPYABLE invalid definition). (mvdwerve, cmb)
  • Fixed bug #76510 (file_exists() stopped working for phar://). (cmb)
  • intl:
  • Fixed bug #76829 (Incorrect validation of domain on idn_to_utf8() function). (Anatol)
  • MBString:
  • Updated to Oniguruma 6.9.0. (cmb)
  • Opcache:
  • Fixed bug #76832 (ZendOPcache.MemoryBase periodically deleted by the OS). (Anatol)
  • Fixed bug #76796 (Compile-time evaluation of disabled function in opcache causes segfault). (Nikita)
  • POSIX:
  • Fixed bug #75696 (posix_getgrnam fails to print details of group). (cmb)
  • Reflection:
  • Fixed bug #74454 (Wrong exception being thrown when using ReflectionMethod). (cmb)
  • Standard:
  • Fixed bug #76803 (ftruncate changes file pointer). (Anatol)
  • Fixed bug #76818 (Memory corruption and segfault). (Remi)
  • Fixed bug #73457 (Wrong error message when fopen FTP wrapped fails to open data connection). (Ville Hukkamäki)
  • Zlib:
  • Fixed bug #75273 (php_zlib_inflate_filter() may not update bytes_consumed). (Martin Burke, cmb)

New in PHP 7.2.10 (September 14th, 2018)

  • Core:
  • Fixed bug #76754 (parent private constant in extends class memory leak).
  • Fixed bug #72443 (Generate enabled extension).
  • Fixed bug #75797 (Memory leak when using class_alias() in non-debug mode).
  • Apache2:
  • Fixed bug #76582 (Apache bucket brigade sometimes becomes invalid).
  • Bz2:
  • Fixed arginfo for bzcompress.
  • gettext:
  • Fixed bug #76517 (incorrect restoring of LDFLAGS).
  • iconv:
  • Fixed bug #68180 (iconv_mime_decode can return extra characters in a header).
  • Fixed bug #63839 (iconv_mime_decode_headers function is skipping headers).
  • Fixed bug #60494 (iconv_mime_decode does ignore special characters).
  • Fixed bug #55146 (iconv_mime_decode_headers() skips some headers).
  • intl:
  • Fixed bug #74484 (MessageFormatter::formatMessage memory corruption with 11+ named placeholders).
  • libxml:
  • Fixed bug #76777 ("public id" parameter of libxml_set_external_entity_loader callback undefined).
  • mbstring:
  • Fixed bug #76704 (mb_detect_order return value varies based on argument type).
  • Opcache:
  • Fixed bug #76747 (Opcache treats path containing "test.pharma.tld" as a phar file).
  • OpenSSL:
  • Fixed bug #76705 (unusable ssl => peer_fingerprint in stream_context_create()).
  • phpdbg:
  • Fixed bug #76595 (phpdbg man page contains outdated information).
  • SPL:
  • Fixed bug #68825 (Exception in DirectoryIterator::getLinkTarget()).
  • Fixed bug #68175 (RegexIterator pregFlags are NULL instead of 0).
  • Standard:
  • Fixed bug #76778 (array_reduce leaks memory if callback throws exception).
  • zlib:
  • Fixed bug #65988 (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option).
  • Fixed bug #76709 (Minimal required zlib library is 1.2.0.4).

New in PHP 7.1.22 (September 14th, 2018)

  • Core:
  • Fixed bug #76754 (parent private constant in extends class memory leak).
  • Fixed bug #72443 (Generate enabled extension).
  • Apache2:
  • Fixed bug #76582 (Apache bucket brigade sometimes becomes invalid).
  • Bz2:
  • Fixed arginfo for bzcompress.
  • gettext:
  • Fixed bug #76517 (incorrect restoring of LDFLAGS).
  • iconv:
  • Fixed bug #68180 (iconv_mime_decode can return extra characters in a header).
  • Fixed bug #63839 (iconv_mime_decode_headers function is skipping headers).
  • Fixed bug #60494 (iconv_mime_decode does ignore special characters).
  • Fixed bug #55146 (iconv_mime_decode_headers() skips some headers).
  • intl:
  • Fixed bug #74484 (MessageFormatter::formatMessage memory corruption with 11+ named placeholders).
  • libxml:
  • Fixed bug #76777 ("public id" parameter of libxml_set_external_entity_loader callback undefined).
  • mbstring:
  • Fixed bug #76704 (mb_detect_order return value varies based on argument type).
  • Opcache:
  • Fixed bug #76747 (Opcache treats path containing "test.pharma.tld" as a phar file).
  • OpenSSL:
  • Fixed bug #76705 (unusable ssl => peer_fingerprint in stream_context_create()).
  • phpdbg:
  • Fixed bug #76595 (phpdbg man page contains outdated information).
  • SPL:
  • Fixed bug #68825 (Exception in DirectoryIterator::getLinkTarget()).
  • Fixed bug #68175 (RegexIterator pregFlags are NULL instead of 0).
  • Standard:
  • Fixed bug #76778 (array_reduce leaks memory if callback throws exception).
  • zlib:
  • Fixed bug #65988 (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option).
  • Fixed bug #76709 (Minimal required zlib library is 1.2.0.4).

New in PHP 7.0.32 (September 14th, 2018)

  • Apache2:
  • Fixed bug #76582 (XSS due to the header Transfer-Encoding: chunked).

New in PHP 7.2.9 (August 15th, 2018)

  • Calendar:
  • Fixed bug #52974 (jewish.c: compile error under Windows with GBK charset). (cmb)
  • Filter:
  • Fixed bug #76366 (References in sub-array for filtering breaks the filter). (ZiHang Gao)
  • PDO_Firebird:
  • Fixed bug #76488 (Memory leak when fetching a BLOB field). (Simonov Denis)
  • PDO_PgSQL:
  • Fixed bug #75402 (Possible Memory Leak using PDO::CURSOR_SCROLL option). (Anatol)
  • SQLite3:
  • Fixed #76665 (SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle). (cmb)
  • Standard:
  • Fixed bug #73817 (Incorrect entries in get_html_translation_table). (cmb)
  • Fixed bug #68553 (array_column: null values in $index_key become incrementing keys in result). (Laruence)
  • Fixed bug #76643 (Segmentation fault when using `output_add_rewrite_var`). (cmb)
  • Zip:
  • Fixed bug #76524 (ZipArchive memory leak (OVERWRITE flag and empty archive)). (Timur Ibragimov)

New in PHP 7.3.0 Beta 2 (August 14th, 2018)

  • Core:
  • Fixed bug #76030 (RE2C_FLAGS rarely honoured) (Cristian Rodríguez)
  • Bz2:
  • Fixed arginfo for bzcompress. (Tyson Andre)
  • DOM:
  • Reverted fix for bug #76285 (DOMDocument::formatOutput attribute sometimes ignored). (cmb)
  • gettext:
  • Fixed bug #76517 (incorrect restoring of LDFLAGS). (sji)
  • intl:
  • Fixed bug #74484 (MessageFormatter::formatMessage memory corruption with 11+ named placeholders). (Anatol)
  • mbstring:
  • Fixed bug #76704 (mb_detect_order return value varies based on argument type). (cmb)
  • Fixed bug #76706 (mbstring.http_output_conv_mimetypes is ignored). (cmb)
  • phpdbg:
  • Fixed bug #76595 (phpdbg man page contains outdated information). (Kevin Abel)
  • Standard:
  • Fixed bug #76688 (Disallow excessive parameters after options array). (pmmaga)
  • Fixed bug #76713 (Segmentation fault caused by property corruption). (Laruence)
  • Tidy:
  • Fixed arginfo for tidy::__construct(). (Tyson Andre)
  • zlib:
  • Fixed bug #65988 (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option). (Jay Bonci)
  • Fixed bug #76709 (Minimal required zlib library is 1.2.0.4). (petk)

New in PHP 7.2.8 (July 17th, 2018)

  • Core:
  • Fixed bug #76534 (PHP hangs on 'illegal string offset on string references with an error handler). (Laruence)
  • Fixed bug #76520 (Object creation leaks memory when executed over HTTP). (Nikita)
  • Fixed bug #76502 (Chain of mixed exceptions and errors does not serialize properly). (Nikita)
  • Date:
  • Fixed bug #76462 (Undefined property: DateInterval::$f). (Anatol)
  • EXIF:
  • Fixed bug #76409 (heap use after free in _php_stream_free). (cmb)
  • Fixed bug #76423 (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (Stas)
  • Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif data). (Stas)
  • FPM:
  • Fixed bug #73342 (Vulnerability in php-fpm by changing stdin to non-blocking). (Nikita)
  • GMP:
  • Fixed bug #74670 (Integer Underflow when unserializing GMP and possible other classes). (Nikita)
  • intl:
  • Fixed bug #76556 (get_debug_info handler for BreakIterator shows wrong type). (cmb)
  • mbstring:
  • Fixed bug #76532 (Integer overflow and excessive memory usage in mb_strimwidth). (MarcusSchwarz)
  • Opcache:
  • Fixed bug #76477 (Opcache causes empty return value). (Nikita, Laruence)
  • PGSQL:
  • Fixed bug #76548 (pg_fetch_result did not fetch the next row). (Anatol)
  • phpdbg:
  • Fix arginfo wrt. optional/required parameters. (cmb)
  • Reflection:
  • Fixed bug #76536 (PHP crashes with core dump when throwing exception in error handler). (Laruence)
  • Fixed bug #75231 (ReflectionProperty#getValue() incorrectly works with inherited classes). (Nikita)
  • Standard:
  • Fixed bug #76505 (array_merge_recursive() is duplicating sub-array keys). (Laruence)
  • Fixed bug #71848 (getimagesize with $imageinfo returns false). (cmb)
  • Win32:
  • Fixed bug #76459 (windows linkinfo lacks openbasedir check). (Anatol)
  • ZIP:
  • Fixed bug #76461 (OPSYS_Z_CPM defined instead of OPSYS_CPM). (Dennis Birkholz, Remi)

New in PHP 7.2.6 (May 25th, 2018)

  • EXIF:
  • Fixed bug #76164 (exif_read_data zend_mm_heap corrupted).
  • FPM:
  • Fixed bug #76075 --with-fpm-acl wrongly tries to find libacl on FreeBSD.
  • intl:
  • Fixed bug #74385 (Locale::parseLocale() broken with some arguments).
  • Opcache:
  • Fixed bug #76205 (PHP-FPM sporadic crash when running Infinitewp).
  • Fixed bug #76275 (Assertion failure in file cache when unserializing empty try_catch_array).
  • Fixed bug #76281 (Opcache causes incorrect "undefined variable" errors).
  • Reflection:
  • Fixed arginfo of array_replace(_recursive) and array_merge(_recursive).
  • Session:
  • Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start with "#").

New in PHP 7.2.6 RC 1 (May 11th, 2018)

  • EXIF:
  • Fixed bug #76164 (exif_read_data zend_mm_heap corrupted). (cmb)
  • FPM:
  • Fixed bug #76075 --with-fpm-acl wrongly tries to find libacl on FreeBSD. (mgorny)
  • intl:
  • Fixed bug #74385 (Locale::parseLocale() broken with some arguments). (Anatol)
  • Opcache:
  • Fixed bug #76205 (PHP-FPM sporadic crash when running Infinitewp). (Dmitry)
  • Fixed bug #76275 (Assertion failure in file cache when unserializing empty try_catch_array). (Nikita)
  • Fixed bug #76281 (Opcache causes incorrect "undefined variable" errors). (Nikita)
  • Reflection:
  • Fixed arginfo of array_replace(_recursive) and array_merge(_recursive). (carusogabriel)
  • Session:
  • Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start with "#"). (Andrew Nester)

New in PHP 7.2.5 (April 25th, 2018)

  • Core:
  • Fixed bug #75722 (Convert valgrind detection to configure option). (Michael Heimpold)
  • Date:
  • Fixed bug #76131 (mismatch arginfo for date_create). (carusogabriel)
  • Exif:
  • Fixed bug#76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (Stas)
  • FPM:
  • Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list too long). (Jacob Hipps)
  • Fixed incorrect write to getenv result in FPM reload. (Jakub Zelenka)
  • GD:
  • Fixed bug #52070 (imagedashedline() dashed line sometimes is not visible). (cmb)
  • intl:
  • Fixed bug #76153 (Intl compilation fails with icu4c 61.1). (Anatol)
  • iconv:
  • Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (Stas)
  • ldap:
  • Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (Stas)
  • mbstring:
  • Fixed bug #75944 (Wrong cp1251 detection). (dmk001)
  • Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1). (chrullrich, cmb)
  • ODBC:
  • Fixed bug #76088 (ODBC functions are not available by default on Windows). (cmb)
  • Opcache:
  • Fixed bug #76094 (Access violation when using opcache). (Laruence)
  • Phar:
  • Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (Stas)
  • phpdbg:
  • Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite). (Laruence)
  • SPL:
  • Fixed bug #76131 (mismatch arginfo for splarray constructor). (carusogabriel)
  • standard:
  • Fixed bug #74139 (mail.add_x_header default inconsistent with docs). (cmb)
  • Fixed bug #75996 (incorrect url in header for mt_rand). (tatarbj)

New in PHP 7.2.4 RC 1 (March 16th, 2018)

  • Core:
  • Fixed bug #76025 (Segfault while throwing exception in error_handler). (Dmitry, Laruence)
  • Fixed bug #76044 ('date: illegal option --' in ./configure on FreeBSD). (Anatol)
  • FTP:
  • Fixed ftp_pasv arginfo. (carusogabriel)
  • -GD:
  • Fixed bug #73957 (signed integer conversion in imagescale()). (cmb)
  • Fixed bug #76041 (null pointer access crashed php). (cmb)
  • Fixed imagesetinterpolation arginfo. (Gabriel Caruso)
  • iconv:
  • Fixed bug #75867 (Freeing uninitialized pointer). (Philip Prindeville)
  • Mbstring:
  • Fixed bug #62545 (wrong unicode mapping in some charsets). (cmb)
  • Opcache:
  • Fixed bug #75969 (Assertion failure in live range DCE due to block pass misoptimization). (Nikita)
  • OpenSSL:
  • Fixed openssl_* arginfos. (carusogabriel)
  • PCNTL:
  • Fixed bug #75873 (pcntl_wexitstatus returns incorrect on Big_Endian platform (s390x)). (Sam Ding)
  • Phar:
  • Fixed bug #76085 (Segmentation fault in buildFromIterator when directory name contains a n). (Laruence)
  • Standard:
  • Fixed bug #75961 (Strange references behavior). (Laruence)
  • Fixed some arginfos. (carusogabriel)
  • Fixed bug #76068 (parse_ini_string fails to parse "[foo]nbar=1|>baz" with segfault). (Anatol)

New in PHP 7.2.3 (March 1st, 2018)

  • Core:
  • Fixed bug #75864 ("stream_isatty" returns wrong value on s390x). (Sam Ding)
  • Apache2Handler:
  • Fixed bug #75882 (a simple way for segfaults in threadsafe php just with configuration). (Anatol)
  • Date:
  • Fixed bug #75857 (Timezone gets truncated when formatted). (carusogabriel)
  • Fixed bug #75928 (Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null`). (Pedro Lacerda)
  • Fixed bug #68406 (calling var_dump on a DateTimeZone object modifies it). (jhdxr)
  • LDAP:
  • Fixed bug #49876 (Fix LDAP path lookup on 64-bit distros). (dzuelke)
  • libxml2:
  • Fixed bug #75871 (use pkg-config where available). (pmmaga)
  • PGSQL:
  • Fixed bug #75838 (Memory leak in pg_escape_bytea()). (ard_1 at mail dot ru)
  • Phar:
  • Fixed bug #54289 (Phar::extractTo() does not accept specific directories to be extracted). (bishop)
  • Fixed bug #65414 (deal with leading slash while adding files correctly). (bishopb)
  • Fixed bug #65414 (deal with leading slash when adding files correctly). (bishopb)
  • ODBC:
  • Fixed bug #73725 (Unable to retrieve value of varchar(max) type). (Anatol)
  • Opcache:
  • Fixed bug #75729 (opcache segfault when installing Bitrix). (Nikita)
  • Fixed bug #75893 (file_get_contents $http_response_header variable bugged with opcache). (Nikita)
  • Fixed bug #75938 (Modulus value not stored in variable). (Nikita)
  • SPL:
  • Fixed bug #74519 (strange behavior of AppendIterator). (jhdxr)
  • Standard:
  • Fixed bug #75916 (DNS_CAA record results contain garbage). (Mike, Philip Sharp)
  • Fixed bug #75981 (Prevent reading beyond buffer start in http wrapper). (Stas)

New in PHP 7.2.2 (February 1st, 2018)

  • Core:
  • Fixed bug #75742 (potential memleak in internal classes's static members).
  • Fixed bug #75679 (Path 260 character problem).
  • Fixed bug #75614 (Some non-portable == in shell scripts).
  • Fixed bug #75786 (segfault when using spread operator on generator passed by reference).
  • Fixed bug #75799 (arg of get_defined_functions is optional).
  • Fixed bug #75396 (Exit inside generator finally results in fatal error).
  • FCGI:
  • Fixed bug #75794 (getenv() crashes on Windows 7.2.1 when second parameter is false).
  • IMAP:
  • Fixed bug #75774 (imap_append HeapCorruction).
  • Opcache:
  • Fixed bug #75720 (File cache not populated after SHM runs full).
  • Fixed bug #75687 (var 8 (TMP) has array key type but not value type).
  • Fixed bug #75698 (Using @ crashes php7.2-fpm).
  • Fixed bug #75579 (Interned strings buffer overflow may cause crash).
  • PDO:
  • Fixed bug #75616 (PDO extension doesn't allow to be built shared on Darwin).
  • PDO MySQL:
  • Fixed bug #75615 (PDO Mysql module can't be built as module).
  • PGSQL:
  • Fixed bug #75671 (pg_version() crashes when called on a connection to cockroach).
  • Readline:
  • Fixed bug #75775 (readline_read_history segfaults with empty file).
  • SAPI:
  • Fixed bug #75735 ([embed SAPI] Segmentation fault in sapi_register_post_entry).
  • SOAP:
  • Fixed bug #70469 (SoapClient generates E_ERROR even if exceptions=1 is used).
  • Fixed bug #75502 (Segmentation fault in zend_string_release).
  • SPL:
  • Fixed bug #75717 (RecursiveArrayIterator does not traverse arrays by reference).
  • Fixed bug #75242 (RecursiveArrayIterator doesn't have constants from parent class).
  • Fixed bug #73209 (RecursiveArrayIterator does not iterate object properties).
  • Standard:
  • Fixed bug #75781 (substr_count incorrect result).
  • Fixed bug #75653 (array_values don't work on empty array).
  • Zip:
  • Display headers (buildtime) and library (runtime) versions in phpinfo (with libzip >= 1.3.1).

New in PHP 7.2.2 RC 1 (January 16th, 2018)

  • Core:
  • Fixed bug #75742 (potential memleak in internal classes's static members). (Laruence)
  • Fixed bug #75679 (Path 260 character problem). (Anatol)
  • Fixed bug #75614 (Some non-portable == in shell scripts). (jdolecek)
  • Fixed bug #75786 (segfault when using spread operator on generator passed by reference). (Nikita)
  • Fixed bug #75799 (arg of get_defined_functions is optional). (carusogabriel)
  • Fixed bug #75396 (Exit inside generator finally results in fatal error). (Nikita)
  • FCGI:
  • Fixed bug #75794 (getenv() crashes on Windows 7.2.1 when second parameter is false). (Anatol)
  • IMAP:
  • Fixed bug #75774 (imap_append HeapCorruction). (Anatol)
  • Opcache:
  • Fixed bug #75687 (var 8 (TMP) has array key type but not value type). (Nikita, Laruence)
  • Fixed bug #75698 (Using @ crashes php7.2-fpm). (Nikita)
  • PDO:
  • Fixed bug #75616 (PDO extension doesn't allow to be built shared on Darwin). (jdolecek)
  • PDO MySQL:
  • Fixed bug #75615 (PDO Mysql module can't be built as module). (jdolecek)
  • Opcache:
  • Fixed bug #75720 (File cache not populated after SHM runs full). (Dmitry)
  • Fixed bug #75579 (Interned strings buffer overflow may cause crash). (Dmitry)
  • PGSQL:
  • Fixed bug #75671 (pg_version() crashes when called on a connection to cockroach). (magicaltux at gmail dot com)
  • Readline:
  • Fixed bug #75775 (readline_read_history segfaults with empty file). (Anatol)
  • SAPI:
  • Fixed bug #75735 ([embed SAPI] Segmentation fault in sapi_register_post_entry). (Laruence)
  • SOAP:
  • Fixed bug #70469 (SoapClient generates E_ERROR even if exceptions=1 is used). (Anton Artamonov)
  • Fixed bug #75502 (Segmentation fault in zend_string_release). (Nikita)
  • SPL:
  • Fixed bug #75717 (RecursiveArrayIterator does not traverse arrays by reference). (Nikita)
  • Fixed bug #75242 (RecursiveArrayIterator doesn't have constants from parent class). (Nikita)
  • Fixed bug #73209 (RecursiveArrayIterator does not iterate object properties). (Nikita)
  • Standard:
  • Fixed bug #75781 (substr_count incorrect result). (Laruence)
  • Fixed bug #75653 (array_values don't work on empty array). (Nikita)
  • Zip:
  • Display headers (buildtime) and library (runtime) versions in phpinfo (with libzip >= 1.3.1). (Remi)

New in PHP 7.2.1 (January 5th, 2018)

  • Core:
  • Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26).
  • Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
  • Fixed bug #75525 (Access Violation in vcruntime140.dll).
  • Fixed bug #74862 (Unable to clone instance when private __clone defined).
  • Fixed bug #75074 (php-process crash when is_file() is used with strings longer 260 chars).
  • CLI server:
  • Fixed bug #73830 (Directory does not exist).
  • FPM:
  • Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests).
  • GD:
  • Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx).
  • Opcache:
  • Fixed bug #75608 ("Narrowing occurred during type inference" error).
  • Fixed bug #75579 (Interned strings buffer overflow may cause crash).
  • Fixed bug #75570 ("Narrowing occurred during type inference" error).
  • Fixed bug #75556 (Invalid opcode 138/1/1).
  • PCRE:
  • Fixed bug #74183 (preg_last_error not returning error code after error).
  • Phar:
  • Fixed bug #74782 (remove file name from output to avoid XSS).
  • Standard:
  • Fixed bug #75511 (fread not free unused buffer).
  • Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)
  • Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault).
  • Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
  • Fixed bug #73124 (php_ini_scanned_files() not reporting correctly).
  • Fixed bug #75574 (putenv does not work properly if parameter contains non-ASCII unicode character).
  • Zip:
  • Fixed bug #75540 (Segfault with libzip 1.3.1).

New in PHP 7.2.1 RC 1 (December 15th, 2017)

  • Core:
  • Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26). (Laruence)
  • Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand). (Anatol)
  • Fixed bug #75525 (Access Violation in vcruntime140.dll). (Anatol)
  • Fixed bug #74862 (Unable to clone instance when private __clone defined). (Daniel Ciochiu)
  • Fixed bug #75074 (php-process crash when is_file() is used with strings longer 260 chars). (Anatol)
  • CLI server:
  • Fixed bug #73830 (Directory does not exist). (Anatol)
  • FPM:
  • Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests). (Remi)
  • Opcache:
  • Fixed bug #75608 ("Narrowing occurred during type inference" error). (Laruence, Dmitry)
  • Fixed bug #75570 ("Narrowing occurred during type inference" error). (Dmitry)
  • Fixed bug #75556 (Invalid opcode 138/1/1). (Laruence)
  • PCRE:
  • Fixed bug #74183 (preg_last_error not returning error code after error). (Andrew Nester)
  • Standard:
  • Fixed bug #75511 (fread not free unused buffer). (Laruence)
  • Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)
  • Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault). (Nikita)
  • Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing). (sarciszewski)
  • Fixed bug #73124 (php_ini_scanned_files() not reporting correctly). (John Stevenson)
  • Fixed bug #75574 (putenv does not work properly if parameter contains non-ASCII unicode character). (Anatol)
  • Zip:
  • Fixed bug #75540 (Segfault with libzip 1.3.1). (Remi)

New in PHP 7.2.0 (December 4th, 2017)

  • Numerous improvements and new features such as:
  • Convert numeric keys in object/array casts
  • Counting of non-countable objects
  • Object typehint
  • HashContext as Object
  • Argon2 in password hash
  • Improve TLS constants to sane values
  • Mcrypt extension removed
  • New sodium extension

New in PHP 7.1.12 (November 24th, 2017)

  • Core:
  • Fixed bug #75420 (Crash when modifing property name in __isset for BP_VAR_IS).
  • Fixed bug #75368 (mmap/munmap trashing on unlucky allocations).
  • CLI:
  • Fixed bug #75287 (Builtin webserver crash after chdir in a shutdown function).
  • Enchant:
  • Fixed bug #53070 (enchant_broker_get_path crashes if no path is set).
  • Fixed bug #75365 (Enchant still reports version 1.1.0).
  • Exif:
  • Fixed bug #75301 (Exif extension has built in revision version).
  • GD:
  • Fixed bug #65148 (imagerotate may alter image dimensions).
  • Fixed bug #75437 (Wrong reflection on imagewebp).
  • intl:
  • Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead of destination).
  • interbase:
  • Fixed bug #75453 (Incorrect reflection for ibase_[p]connect).
  • Mysqli:
  • Fixed bug #75434 (Wrong reflection for mysqli_fetch_all function).
  • OCI8:
  • Fixed valgrind issue.
  • OpenSSL:
  • Fixed bug #75363 (openssl_x509_parse leaks memory).
  • Fixed bug #75307 (Wrong reflection for openssl_open function).
  • Opcache:
  • Fixed bug #75373 (Warning Internal error: wrong size calculation).
  • PGSQL:
  • Fixed bug #75419 (Default link incorrectly cleared/linked by pg_close()).
  • SOAP:
  • Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders).
  • Zlib:
  • Fixed bug #75299 (Wrong reflection on inflate_init and inflate_add).

New in PHP 7.2.0 RC 6 (November 21st, 2017)

  • Core:
  • Fixed bug #75420 (Crash when modifing property name in __isset for BP_VAR_IS). (Laruence)
  • GD:
  • Fixed bug #75437 (Wrong reflection on imagewebp). (Fabien Villepinte)
  • interbase:
  • Fixed bug #75453 (Incorrect reflection for ibase_[p]connect). (villfa)
  • Mysqli:
  • Fixed bug #75434 (Wrong reflection for mysqli_fetch_all function). (Fabien Villepinte)
  • SOAP:
  • Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders). (villfa)

New in PHP 7.2.0 RC 5 (October 29th, 2017)

  • Core:
  • Fixed bug #75368 (mmap/munmap trashing on unlucky allocations). (Nikita, Dmitry)
  • CLI:
  • Fixed bug #75287 (Builtin webserver crash after chdir in a shutdown function). (Laruence)
  • Date:
  • Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick)
  • Enchant:
  • Fixed bug #53070 (enchant_broker_get_path crashes if no path is set). (jelle van der Waa, cmb)
  • Fixed bug #75365 (Enchant still reports version 1.1.0). (cmb)
  • Exif:
  • Fixed bug #75301 (Exif extension has built in revision version). (Peter Kokot)
  • Fileinfo:
  • Upgrade bundled libmagic to 5.31. (Anatol)
  • GD:
  • Fixed bug #65148 (imagerotate may alter image dimensions). (cmb)
  • Intl:
  • Fixed bug #75378 ([REGRESSION] IntlDateFormatter::parse() does not change $position argument). (Laruence)
  • Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead of destination). (andrewnester)
  • JSON:
  • Fixed bug #68567 (JSON_PARTIAL_OUTPUT_ON_ERROR can result in JSON with null key). (Jakub Zelenka)
  • OCI8:
  • Fixed valgrind issue. (Tianfang Yang)
  • Opcache:
  • Fixed bug (assertion fails with extended info generated). (Laruence)
  • Fixed bug (Phi sources removel). (Laruence)
  • Fixed bug #75370 (Webserver hangs on valid PHP text). (Laruence)
  • Fixed bug #75357 (segfault loading WordPress wp-admin). (Laruence)
  • Fixed bug #75373 (Warning Internal error: wrong size calculation). (Laruence, Dmitry)
  • Openssl:
  • Fixed bug #75363 (openssl_x509_parse leaks memory). (Bob)
  • PCRE:
  • Fixed bug #75207 (applied upstream patch for CVE-2016-1283). (Anatol)
  • PGSQL:
  • Fixed bug #75419 (Default link incorrectly cleared/linked by pg_close()). (Sara)
  • Standard:
  • Fixed bug #75221 (Argon2i always throws NUL at the end). (cmb)
  • Zlib:
  • Fixed bug #75299 (Wrong reflection on inflate_init and inflate_add). (Fabien Villepinte)

New in PHP 7.1.11 (October 25th, 2017)

  • Core:
  • Fixed bug #75241 (Null pointer dereference in zend_mm_alloc_small()). (Laruence)
  • Fixed bug #75236 (infinite loop when printing an error-message). (Andrea)
  • Fixed bug #75252 (Incorrect token formatting on two parse errors in one request). (Nikita)
  • Fixed bug #75220 (Segfault when calling is_callable on parent). (andrewnester)
  • Fixed bug #75290 (debug info of Closures of internal functions contain garbage argument names). (Andrea)
  • Date:
  • Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (Derick)
  • Apache2Handler:
  • Fixed bug #75311 (error: 'zend_hash_key' has no member named 'arKey' in apache2handler). (mcarbonneaux)
  • Hash:
  • Fixed bug #75303 (sha3 hangs on bigendian). (Remi)
  • Intl:
  • Fixed bug #75318 (The parameter of UConverter::getAliases() is not optional). (cmb)
  • litespeed:
  • Fixed bug #75248 (Binary directory doesn't get created when building only litespeed SAPI). (petk)
  • Fixed bug #75251 (Missing program prefix and suffix). (petk)
  • mcrypt:
  • Fixed bug #72535 (arcfour encryption stream filter crashes php). (Leigh)
  • MySQLi:
  • Fixed bug #75018 (Data corruption when reading fields of bit type). (Anatol)
  • OCI8:
  • Fixed incorrect reference counting. (Dmitry, Tianfang Yang)
  • Opcache
  • Fixed bug #75255 (Request hangs and not finish). (Dmitry)
  • PCRE:
  • Fixed bug #75207 (applied upstream patch for CVE-2016-1283). (Anatol)
  • PDO_mysql:
  • Fixed bug #75177 (Type 'bit' is fetched as unexpected string). (Anatol)
  • SPL:
  • Fixed bug #73629 (SplDoublyLinkedList::setIteratorMode masks intern flags). (J. Jeising, cmb)

New in PHP 7.1.10 (September 29th, 2017)

  • Core:
  • Fixed bug #75042 (run-tests.php issues with EXTENSION block). (John Boehr)
  • BCMath:
  • Fixed bug #44995 (bcpowmod() fails if scale != 0). (cmb)
  • Fixed bug #46781 (BC math handles minus zero incorrectly). (cmb)
  • Fixed bug #54598 (bcpowmod() may return 1 if modulus is 1). (okano1220, cmb)
  • Fixed bug #75178 (bcpowmod() misbehaves for non-integer base or modulus). (cmb)
  • CLI server:
  • Fixed bug #70470 (Built-in server truncates headers spanning over TCP packets). (bouk)
  • CURL:
  • Fixed bug #75093 (OpenSSL support not detected). (Remi)
  • GD:
  • Fixed bug #75124 (gdImageGrayScale() may produce colors). (cmb)
  • Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?). (cmb)
  • Gettext:
  • Fixed bug #73730 (textdomain(null) throws in strict mode). (cmb)
  • Intl:
  • Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent class). (tpunt)
  • Fixed bug #75193 (segfault in collator_convert_object_to_string). (Remi)
  • PDO_OCI:
  • Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up). (Ingmar Runge)
  • SPL:
  • Fixed bug #75155 (AppendIterator::append() is broken when appending another AppendIterator). (Nikita)
  • Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop). (jhdxr)
  • Standard:
  • Fixed bug #75152 (signed integer overflow in parse_iv). (Laruence)
  • Fixed bug #75097 (gethostname fails if your host name is 64 chars long). (Andrea)

New in PHP 7.1.10 RC 1 (September 17th, 2017)

  • Core:
  • Fixed bug #75042 (run-tests.php issues with EXTENSION block). (John Boehr)
  • BCMath:
  • Fixed bug #44995 (bcpowmod() fails if scale != 0). (cmb)
  • Fixed bug #46781 (BC math handles minus zero incorrectly). (cmb)
  • Fixed bug #54598 (bcpowmod() may return 1 if modulus is 1). (okano1220, cmb)
  • Fixed bug #75178 (bcpowmod() misbehaves for non-integer base or modulus). (cmb)
  • CLI server:
  • Fixed bug #70470 (Built-in server truncates headers spanning over TCP packets). (bouk)
  • CURL:
  • Fixed bug #75093 (OpenSSL support not detected). (Remi)
  • GD:
  • Fixed bug #75124 (gdImageGrayScale() may produce colors). (cmb)
  • Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?). (cmb)
  • Gettext:
  • Fixed bug #73730 (textdomain(null) throws in strict mode). (cmb)
  • Intl:
  • Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent class). (tpunt)
  • Fixed bug #75193 (segfault in collator_convert_object_to_string). (Remi)
  • PDO_OCI:
  • Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up). (Ingmar Runge)
  • SPL:
  • Fixed bug #75155 (AppendIterator::append() is broken when appending another AppendIterator). (Nikita)
  • Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop). (jhdxr)
  • Standard:
  • Fixed bug #75152 (signed integer overflow in parse_iv). (Laruence)
  • Fixed bug #75097 (gethostname fails if your host name is 64 chars long). (Andrea)

New in PHP 7.2.0 RC 2 (September 17th, 2017)

  • Core:
  • Fixed Bug #75142 (buildcheck.sh check for autoconf version needs to be updated for v2.64). (zizzy at zizzy dot net, Remi)
  • BCMath:
  • Fixed bug #44995 (bcpowmod() fails if scale != 0). (cmb)
  • Fixed bug #46781 (BC math handles minus zero incorrectly). (cmb)
  • Fixed bug #54598 (bcpowmod() may return 1 if modulus is 1). (okano1220, cmb)
  • Fixed bug #75178 (bcpowmod() misbehaves for non-integer base or modulus). (cmb)
  • CLI server:
  • Fixed bug #70470 (Built-in server truncates headers spanning over TCP packets). (bouk)
  • Date:
  • Fixed bug #75149 (redefinition of typedefs ttinfo and t1info). (Remi)
  • GD:
  • Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?). (cmb)
  • Intl:
  • Fixed bug #75193 (segfault in collator_convert_object_to_string). (Remi)
  • Gettext:
  • Fixed bug #73730 (textdomain(null) throws in strict mode). (cmb)
  • Opcache
  • Fixed incorect constant conditional jump elimination. (Dmitry)
  • OpenSSL
  • Automatically load OpenSSL configuration file. (Jakub Zelenka)
  • SPL:
  • Fixed bug #75155 (AppendIterator::append() is broken when appending another AppendIterator). (Nikita)
  • Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop). (jhdxr)
  • Standard:
  • Fixed bug #75152 (signed integer overflow in parse_iv). (Laruence)
  • Fixed bug #75170 (mt_rand() bias on 64-bit machines). (Nikita)
  • ZIP:
  • Fixed bug #75143 (new method setEncryptionName() seems not to exist in ZipArchive). (Anatol)

New in PHP 7.1.9 (September 1st, 2017)

  • Core:
  • Fixed bug #74947 (Segfault in scanner on INF number).
  • Fixed bug #74954 (null deref and segfault in zend_generator_resume()).
  • Fixed bug #74725 (html_errors=1 breaks unhandled exceptions).
  • Fixed bug #75063 (Main CWD initialized with wrong codepage).
  • cURL:
  • Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).
  • Date:
  • Fixed bug #75002 (Null Pointer Dereference in timelib_time_clone).
  • Intl:
  • Fixed bug #74993 (Wrong reflection on some locale_* functions).
  • Mbstring:
  • Fixed bug #71606 (Segmentation fault mb_strcut with HTML-ENTITIES encoding).
  • Fixed bug #62934 (mb_convert_kana() does not convert iteration marks).
  • Fixed bug #75001 (Wrong reflection on mb_eregi_replace).
  • MySQLi:
  • Fixed bug #74968 (PHP crashes when calling mysqli_result::fetch_object with an abstract class).
  • OCI8:
  • Expose oci_unregister_taf_callback() (Tianfang Yang)
  • Opcache:
  • Fixed bug #74980 (Narrowing occurred during type inference).
  • phar:
  • Fixed bug #74991 (include_path has a 4096 char limit in some cases).
  • Reflection:
  • Fixed bug #74949 (null pointer dereference in _function_string).
  • Session:
  • Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start with "#").
  • Fixed bug #74833 (SID constant created with wrong module number).
  • SimpleXML:
  • Fixed bug #74950 (nullpointer deref in simplexml_element_getDocNamespaces).
  • SPL:
  • Fixed bug #75049 (spl_autoload_unregister can't handle spl_autoload_functions results).
  • Fixed bug #74669 (Unserialize ArrayIterator broken).
  • Fixed bug #74977 (Appending AppendIterator leads to segfault).
  • Fixed bug #75015 (Crash in recursive iterator destructors).
  • Standard:
  • Fixed bug #75075 (unpack with X* causes infinity loop).
  • Fixed bug #74103 (heap-use-after-free when unserializing invalid array size).
  • Fixed bug #75054 (A Denial of Service Vulnerability was found when performing deserialization).
  • WDDX:
  • Fixed bug #73793 (WDDX uses wrong decimal seperator).
  • XMLRPC:
  • Fixed bug #74975 (Incorrect xmlrpc serialization for classes with declared properties)

New in PHP 7.1.8 (August 2nd, 2017)

  • Core:
  • Fixed bug #74832 (Loading PHP extension with already registered function name leads to a crash). (jpauli)
  • Fixed bug #74780 (parse_url() broken when query string contains colon). (jhdxr)
  • Fixed bug #74761 (Unary operator expected error on some systems). (petk)
  • Fixed bug #73900 (Use After Free in unserialize() SplFixedArray). (nikic)
  • Fixed bug #74923 (Crash when crawling through network share). (Anatol)
  • Fixed bug #74913 (fixed incorrect poll.h include). (petk)
  • Fixed bug #74906 (fixed incorrect errno.h include). (petk)
  • Date:
  • Fixed bug #74852 (property_exists returns true on unknown DateInterval property). (jhdxr)
  • OCI8:
  • Fixed bug #74625 (Integer overflow in oci_bind_array_by_name). (Ingmar Runge)
  • Opcache:
  • Fixed bug #74623 (Infinite loop in type inference when using HTMLPurifier). (nikic)
  • OpenSSL:
  • Fixed bug #74798 (pkcs7_en/decrypt does not work if x0a is used in content). (Anatol)
  • Added OPENSSL_DONT_ZERO_PAD_KEY constant to prevent key padding and fix bug #71917 (openssl_open() returns junk on envelope < 16 bytes) and bug #72362 (OpenSSL Blowfish encryption is incorrect for short keys). (Jakub Zelenka)
  • PDO:
  • Fixed bug #69356 (PDOStatement::debugDumpParams() truncates query). (Adam Baratz)
  • SPL:
  • Fixed bug #73471 (PHP freezes with AppendIterator). (jhdxr)
  • SQLite3:
  • Fixed bug #74883 (SQLite3::__construct() produces "out of memory" exception with invalid flags). (Anatol)
  • Wddx:
  • Fixed bug #73173 (huge memleak when wddx_unserialize). (tloi at fortinet dot com)
  • zlib:
  • Fixed bug #73944 (dictionary option of inflate_init() does not work). (wapmorgan)

New in PHP 7.1.7 (July 5th, 2017)

  • Core:
  • Fixed bug #74738 (Multiple [PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz)
  • Fixed bug #74658 (Undefined constants in array properties result in broken properties). (Laruence)
  • Fixed misparsing of abstract unix domain socket names. (Sara)
  • Fixed bug #74101, bug #74614 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (Nikita)
  • Date:
  • Fixed bug #74639 (implement clone for DatePeriod and DateInterval). (andrewnester)
  • DOM:
  • Fixed bug #69373 (References to deleted XPath query results). (ttoohey)
  • Intl:
  • Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex)
  • Fixed bug #74705 (Wrong reflection on Collator::getSortKey and collator_get_sort_key). (Tyson Andre, Remi)
  • Mbstring:
  • Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)
  • OCI8:
  • Add TAF callback (PR #2459). (KoenigsKind)
  • Opcache:
  • Fixed bug #74663 (Segfault with opcache.memory_protect and validate_timestamp). (Laruence)
  • Revert opcache.enable_cli to default disabled. (Nikita)
  • OpenSSL:
  • Fixed bug #74720 (pkcs7_en/decrypt does not work if x1a is used in content). (Anatol)
  • PDO_OCI:
  • Support Instant Client 12.2 in --with-pdo-oci configure option. (Tianfang Yang)
  • Reflection:
  • Fixed bug #74673 (Segfault when cast Reflection object to string with undefined constant). (Laruence)
  • SPL:
  • Fixed bug #74478 (null coalescing operator failing with SplFixedArray). (jhdxr)
  • FTP:
  • Fixed bug #74598 (ftp:// wrapper ignores context arg). (Sara)
  • PHAR:
  • Fixed bug #74386 (Phar::__construct reflection incorrect). (villfa)
  • SOAP
  • Fixed bug #74679 (Incorrect conversion array with WSDL_CACHE_MEMORY). (Dmitry)
  • Streams:
  • Fixed bug #74556 (stream_socket_get_name() returns ''). (Sara)

New in PHP 7.2.0 Alpha 3 (July 4th, 2017)

  • Core:
  • Fixed bug #74780 (parse_url() broken when query string contains colon). (jhdxr)
  • Fixed bug #74761 (Unary operator expected error on some systems). (petk)
  • Allow loading PHP/Zend extensions by name in ini files (extension=). (francois at tekwire dot net)
  • Added object type annotation. (brzuchal)
  • Fixed bug #74815 (crash with a combination of INI entries at startup). (Anatol)
  • Fixed bug #74836 (isset on zero-prefixed numeric indexes in array broken). (Dmitry)
  • CLI:
  • Fixed bug #74849 (Process is started as interactive shell in PhpStorm). (Anatol)
  • OpenSSL:
  • Fixed bug #74798 (pkcs7_en/decrypt does not work if x0a is used in content). (Anatol)
  • SPL:
  • Fixed bug #73471 (PHP freezes with AppendIterator). (jhdxr)
  • Fixed bug #71412 (Incorrect arginfo for ArrayIterator::__construct). (tysonandre775 at hotmail dot com)
  • Session:
  • Fixed bug #74514 (5 session functions incorrectly warn when calling in read-only/getter mode). (Yasuo)
  • Standard:
  • Add support for extension name as argument to dl(). (francois at tekwire dot net)
  • zlib:
  • Fixed bug #73944 (dictionary option of inflate_init() does not work). (wapmorgan)
  • Expose inflate_get_status() and inflate_get_read_len() functions. (Matthew Trescott)

New in PHP 7.1.7 RC (June 23rd, 2017)

  • Core:
  • Fixed bug #74738 (Multiple [PATH=] and [HOST=] sections not properly parsed). (Manuel Mausz)
  • Fixed bug #74658 (Undefined constants in array properties result in broken properties). (Laruence)
  • Fixed misparsing of abstract unix domain socket names. (Sara)
  • Date:
  • Fixed bug #74639 (implement clone for DatePeriod and DateInterval). (andrewnester)
  • DOM:
  • Fixed bug #69373 (References to deleted XPath query results). (ttoohey)
  • Intl:
  • Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (libnex)
  • Fixed bug #74705 (Wrong reflection on Collator::getSortKey and collator_get_sort_key). (Tyson Andre, Remi)
  • Mbstring:
  • Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229) (Remi, Mamoru TASAKA)
  • OCI8:
  • Add TAF callback (PR #2459). (KoenigsKind)
  • Opcache:
  • Fixed bug #74663 (Segfault with opcache.memory_protect and validate_timestamp). (Laruence)
  • Revert opcache.enable_cli to default disabled. (Nikita)
  • OpenSSL:
  • Fixed bug #74720 (pkcs7_en/decrypt does not work if x1a is used in content). (Anatol)
  • PDO_OCI:
  • Support Instant Client 12.2 in --with-pdo-oci configure option. (Tianfang Yang)
  • Reflection:
  • Fixed bug #74673 (Segfault when cast Reflection object to string with undefined constant). (Laruence)
  • SPL:
  • Fixed bug #74478 (null coalescing operator failing with SplFixedArray). (jhdxr)
  • FTP:
  • Fixed bug #74598 (ftp:// wrapper ignores context arg). (Sara)
  • PHAR:
  • Fixed bug #74386 (Phar::__construct reflection incorrect). (villfa)
  • SOAP
  • Fixed bug #74679 (Incorrect conversion array with WSDL_CACHE_MEMORY). (Dmitry)
  • Streams:
  • Fixed bug #74556 (stream_socket_get_name() returns ''). (Sara)

New in PHP 7.2.0 Alpha 2 (June 20th, 2017)

  • Core:
  • Change PHP_OS_FAMILY value from "OSX" to "Darwin". (sb, kalle)
  • GD:
  • Fixed bug #74744 (gd.h: stdarg.h include missing for va_list use in gdErrorMethod). (rainer dot jung at kippdata dot de, cmb)
  • OCI8:
  • Add TAF callback (PR #2459). (KoenigsKind)
  • OpenSSL:
  • Fixed bug #74720 (pkcs7_en/decrypt does not work if x1a is used in content). (Anatol)
  • Use TLS_ANY for default ssl:// and tls:// negotiation. (Niklas Keller, me at kelunik dot com)
  • Fix leak in openssl_spki_new(). (jelle at vdwaa dot nl)
  • PDO_OCI:
  • Fixed Bug #74537 (Align --with-pdo-oci configure option with --with-oci8 syntax). (Tianfang Yang)
  • Support Instant Client 12.2 in --with-pdo-oci configure option. (Tianfang Yang)
  • Standard:
  • Compatibility with libargon2 versions 20161029 and 20160821. (charlesportwoodii at erianna dot com)
  • Fixed Bug #74737 (mysqli_get_client_info reflection info). (mhagstrand at gmail dot com)
  • Streams:
  • Default ssl/single_dh_use and ssl/honor_cipher_order to true. (me at kelunik dot com)
  • SQLite3:
  • Update to Sqlite 3.19.3. (cmb)
  • Implement writing to blobs. (bohwaz at github dot com)

New in PHP 7.1.6 (June 9th, 2017)

  • Core:
  • Fixed bug #74600 (crash (SIGSEGV) in _zend_hash_add_or_update_i).
  • Fixed bug #74546 (SIGILL in ZEND_FETCH_CLASS_CONSTANT_SPEC_CONST_CONST).
  • Fixed bug #74589 (__DIR__ wrong for unicode character).
  • intl:
  • Fixed bug #74468 (wrong reflection on Collator::sortWithSortKeys).
  • MySQLi:
  • Fixed bug #74547 (mysqli::change_user() doesn't accept null as $database argument w/strict_types).
  • Opcache:
  • Fixed bug #74596 (SIGSEGV with opcache.revalidate_path enabled).
  • phar:
  • Fixed bug #51918 (Phar::webPhar() does not handle requests sent through PUT and DELETE method).
  • Readline:
  • Fixed bug #74490 (readline() moves the cursor to the beginning of the line).
  • Standard:
  • Fixed bug #74510 (win32/sendmail.c anchors CC header but not BCC).
  • xmlreader:
  • Fixed bug #74457 (Wrong reflection on XMLReader::expand).

New in PHP 7.2.0 Alpha 1 (June 7th, 2017)

  • Core:
  • Added ZEND_COUNT, ZEND_GET_CLASS, ZEND_GET_CALLED_CLASS, ZEND_GET_TYPE, ZEND_FUNC_NUM_ARGS, ZEND_FUNC_GET_ARGS instructions, to implement corresponding builtin functions. (Dmitry)
  • "Countable" interface is moved from SPL to Core. (Dmitry)
  • Added ZEND_IN_ARRAY instruction, implementing optimized in_array() builtin function, through hash lookup in flipped array. (Dmitry)
  • Removed IS_TYPE_IMMUTABLE (it's the same as COPYABLE & !REFCOUNTED). (Dmitry)
  • Removed the sql.safe_mode directive. (Kalle)
  • Removed support for Netware. (Kalle)
  • Renamed ReflectionClass::isIterateable() to ReflectionClass::isIterable() (alias original name for BC). (Sara)
  • Fixed bug #54535 (WSA cleanup executes before MSHUTDOWN). (Kalle)
  • Implemented FR #69791 (Disallow mail header injections by extra headers) (Yasuo)
  • Implemented FR #49806 (proc_nice() for Windows). (Kalle)
  • Fix pthreads detection when cross-compiling (ffontaine)
  • Fixed memory leaks caused by exceptions thrown from destructors. (Bob, Dmitry).
  • Fixed bug #73215 (uniqid() should use better random source). (Yasuo)
  • Fixed bug #73337 (try/catch not working with two exceptions inside a same operation). (Dmitry)
  • Implemented FR #72768 (Add ENABLE_VIRTUAL_TERMINAL_PROCESSING flag for php.exe). (Michele Locati)
  • Implemented "Convert numeric keys in object/array casts" RFC, fixes bugs #53838, #61655, #66173, #70925, #72254, etc. (Andrea)
  • Implemented "Deprecate and Remove Bareword (Unquoted) Strings" RFC. (Rowan Collins)
  • Raised minimum supported Windows versions to Windows 7/Server 2008 R2. (Anatol)
  • Implemented minor optimization in array_keys/array_values(). (Sara)
  • Fixed bug #73969 (segfault in debug_print_backtrace). (andrewnester)
  • Added PHP_OS_FAMILY constant to determine on which OS we are. (Jan Altensen)
  • Fixed bug #73994 (arginfo incorrect for unpack). (krakjoe)
  • Fixed bug #73973 (assertion error in debug_zval_dump). (andrewnester)
  • Fixed bug #73987 (Method compatibility check looks to original definition and not parent). (pmmaga)
  • Fixed bug #73991 (JSON_OBJECT_AS_ARRAY not respected). (Sara)
  • Fixed bug #74053 (Corrupted class entries on shutdown when a destructor spawns another object). (jim at commercebyte dot com)
  • Fixed bug #73971 (Filename got limited to MAX_PATH on Win32 when scan directory). (Anatol)
  • Fixed bug #74149 (static embed SAPI linkage error). (krakjoe)
  • Fixed bug #72359, bug #72451, bug #73706, bug #71115 and others related to interned strings handling in TS builds. (Anatol, Dmitry)
  • Implemented "Trailing Commas In List Syntax" RFC for group use lists only. (Sammy Kaye Powers)
  • Fixed bug #74269 (It's possible to override trait property with different loosely-equal value). (pmmaga)
  • Fixed bug #61970 (Restraining __construct() access level in subclass gives a fatal error). (pmmaga)
  • Fixed bug #63384 (Cannot override an abstract method with an abstract method). (pmmaga, wes)
  • Fixed bug #74607 (Traits enforce different inheritance rules). (pmmaga)
  • Fixed misparsing of abstract unix domain socket names. (Sara)
  • BCMath:
  • Fixed bug #46564 (bcmod truncates fractionals). (liborm85)
  • Calendar:
  • Fix integer overflows (Joshua Rogers)
  • Date:
  • Fixed bug #55407 (Impossible to prototype DateTime::createFromFormat). (kelunik)
  • Fixed bug #69587 (DateInterval properties and isset). (jhdxr)
  • Fixed bug #74404 (Wrong reflection on DateTimeZone::getTransitions). (krakjoe)
  • Fixed bug #74080 (add constant for RFC7231 format datetime). (duncan3dc)
  • Fixed bug #74639 (implement clone for DatePeriod and DateInterval). (andrewnester)
  • Implemented FR #71520 (Adding the DateTime constants to the DateTimeInterface interface). (Majkl578)
  • Dba:
  • Fixed bug #72885 (flatfile: dba_fetch() fails to read replaced entry). (Anatol)
  • DOM:
  • Fixed bug #67474 (getElementsByTagNameNS filter on default ns). (aboks)
  • Fixed bug #54382 (getAttributeNodeNS doesn't get xmlns* attributes). (aboks)
  • Fixed bug #74004 (LIBXML_NOWARNING (etc) ignored by DOMDocument::loadHTML). (somedaysummer)
  • EXIF:
  • Added support for vendor specific tags for the following formats: Samsung, DJI, Panasonic, Sony, Pentax, Minolta, Sigma/Foveon, AGFA, Kyocera, Ricoh & Epson. (Kalle)
  • Fixed bug #72682 (exif_read_data() fails to read all data for some images). (Kalle)
  • Fixed bug #71534 (Type confusion in exif_read_data() leading to heap overflow in debug mode). (hlt99 at blinkenshell dot org, Kalle)
  • Fixed bug #68547 (Exif Header component value check error). (sjh21a at gmail dot com, Kalle)
  • Fixed bug #66443 (Corrupt EXIF header: maximum directory nesting level reached for some cameras). (Kalle)
  • Fixed Redhat bug #1362571 (PHP not returning full results for exif_read_data function). (Kalle)
  • FPM:
  • Configuration to limit fpm slow log trace callers. (Sannis)
  • Fixed bug #69865 (php-fpm does not close stderr when using syslog). (Mike)
  • FTP:
  • Fixed bug #74598 (ftp:// wrapper ignores context arg). (Sara)
  • Implement MLSD for structured listing of directories. (blar)
  • GD:
  • Implemented imageresolution as getter and setter (Christoph)
  • Fixed bug #74343 (compile fails on solaris 11 with system gd2 library). (krakjoe)
  • GMP:
  • Fixed bug #70896 (gmp_fact() silently ignores non-integer input). (Sara)
  • hash:
  • Fixed bug #73961 (environmental build dependency in hash sha3 source). (krakjoe)
  • Changed HashContext from resource to object. (Rouven Weßling, Sara)
  • intl:
  • Fixed bug #74433 (wrong reflection for Normalizer methods). (villfa)
  • Fixed bug #74439 (wrong reflection for Locale methods). (villfa)
  • Fixed bug #74468 (wrong reflection on Collator::sortWithSortKeys). (villfa)
  • Fixed bug #63790 (test using Spoofchecker which may be unavailable). (Sara)
  • Mbstring:
  • Implemented request #66024 (mb_chr() and mb_ord()). (Masakielastic, Yasuo)
  • Implemented request #65081 (mb_scrub()). (Masakielastic, Yasuo)
  • Implemented request #69086 (enhancement for mb_convert_encoding() that handles multibyte replacement char nicely). (Masakielastic, Yasuo)
  • Added array input support to mb_convert_encoding(). (Yasuo)
  • Added array input support to mb_check_encoding(). (Yasuo)
  • Fixed bug #69079 (enhancement for mb_substitute_character). (masakielastic)
  • Update to oniguruma version 6.3.0. (Remi)
  • Mcrypt:
  • The deprecated mcrypt extension has been moved to PECL. (leigh)
  • MySQLi:
  • Fixed bug #73949 (leak in mysqli_fetch_object). (krakjoe)
  • mysqlnd:
  • Fixed bug #73800 (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE). (vanviegen)
  • OpenSSL:
  • Fixed bug #71519 (add serial hex to return value array). (xrobau)
  • PCRE:
  • Added support for PCRE JIT fast path API. (dmitry)
  • Fixed bug #61780 (Inconsistent PCRE captures in match results). (cmb)
  • PDO:
  • Add "Sent SQL" to debug dump for emulated prepares. (Adam Baratz)
  • Add parameter types for national character set strings. (Adam Baratz)
  • PDO_DBlib:
  • Fixed bug #73234 (Emulated statements let value dictate parameter type). (Adam Baratz)
  • Fixed bug #73396 (bigint columns are returned as strings). (Adam Baratz)
  • Expose DB-Library version as PDO::DBLIB_ATTR_VERSION attribute on PDO instance. (Adam Baratz)
  • Add test coverage for bug #72969. (Jeff Farr)
  • PDO_OCI:
  • Fixed bug #54379 (PDO_OCI: UTF-8 output gets truncated). (gureedo / Oracle)
  • PDO_PgSQL:
  • Fixed bug #73959 (lastInsertId fails to throw an exception for wrong sequence name). (andrewnester)
  • PDO_Sqlite
  • Switch to sqlite3_prepare_v2() and sqlite3_close_v2() functions (rasmus)
  • phar:
  • Fixed bug #74383 (phar method parameters reflection correction). (mhagstrand)
  • Fixed bug #74196 (phar does not correctly handle names containing dots). (mhagstrand)
  • Fixed bug #74386 (Phar::__construct reflection incorrect). (villfa)
  • PHPDBG
  • Added extended_value to opcode dump output. (Sara)
  • posix:
  • Fixed bug #71219 (configure script incorrectly checks for ttyname_r). (atoh)
  • Session:
  • Fixed bug #73461 (Prohibit session save handler recursion). (Yasuo)
  • PR #2233 Removed register_globals related code and "!" can be used as $_SESSION key name. (Yasuo)
  • Improved bug #73100 fix. 'user' save handler can only be set by session_set_save_handler()
  • Fixed bug #69582 (session not readable by root in CLI). (EvgeniySpinov)
  • SOAP:
  • Fixed bug #69137 (Peer verification fails when using a proxy with SoapClient) (Keith Smiley)
  • SQLite3:
  • Update to Sqlite 3.18.0. (cmb)
  • Fixed bug #74413 (incorrect reflection for SQLite3::enableExceptions). (krakjoe)
  • Standard:
  • Add subject to mail log. (tomsommer)
  • Fixed bug #31875 (get_defined_functions additional param to exclude disabled functions). (willianveiga)
  • Fixed bug #69442 (closing of fd incorrect when PTS enabled). (jaytaph)
  • Fixed bug #72974 (imap is undefined service on AIX). (matthieu.sarter)
  • Fixed bug #72979 (money_format stores wrong length AIX). (matthieu.sarter)
  • Fixed bug #74300 (unserialize accepts two plus/minus signs for float number exponent part). (xKerman)
  • Fixed bug #74556 (stream_socket_get_name() returns ''). (Sara)
  • XML:
  • Moved utf8_encode() and utf8_decode() to the Standard extension. (Andrea)
  • Fixed bug #72135 (malformed XML causes fault) (edgarsandi)
  • xmlreader:
  • Fixed bug #74457 (Wrong reflection on XMLReader::expand). (villfa)
  • XMLRPC:
  • Use Zend MM for allocation in bundled libxmlrpc (Joe)
  • ZIP:
  • Add support for encrypted archives. (Remi)
  • Use of bundled libzip is deprecated, --with-libzip option is recommended. (Remi)
  • Fixed Bug #73803 (Reflection of ZipArchive does not show public properties). (Remi)

New in PHP 7.1.6 RC 1 (May 24th, 2017)

  • Core:
  • Fixed bug #74600 (crash (SIGSEGV) in _zend_hash_add_or_update_i). (Laruence)
  • Fixed bug #74546 (SIGILL in ZEND_FETCH_CLASS_CONSTANT_SPEC_CONST_CONST). (Laruence)
  • Fixed bug #74589 (__DIR__ wrong for unicode character). (Anatol)
  • intl:
  • Fixed bug #74468 (wrong reflection on Collator::sortWithSortKeys). (villfa)
  • MySQLi:
  • Fixed bug #74547 (mysqli::change_user() doesn't accept null as $database argument w/strict_types). (Anatol)
  • Opcache:
  • Fixed bug #74596 (SIGSEGV with opcache.revalidate_path enabled). (Laruence)
  • phar:
  • Fixed bug #51918 (Phar::webPhar() does not handle requests sent through PUT and DELETE method). (Christian Weiske)
  • Readline:
  • Fixed bug #74490 (readline() moves the cursor to the beginning of the line). (Anatol)
  • Standard:
  • Fixed bug #74510 (win32/sendmail.c anchors CC header but not BCC). (Damian Wadley, Anatol)
  • xmlreader:
  • Fixed bug #74457 (Wrong reflection on XMLReader::expand). (villfa)

New in PHP 7.1.5 (May 9th, 2017)

  • Core:
  • Fixed bug #74408 (Endless loop bypassing execution time limit). (Laruence)
  • Fixed bug #74353 (Segfault when killing within bash script trap code). (Laruence)
  • Fixed bug #74340 (Magic function __get has different behavior in php 7.1.x). (Nikita)
  • Fixed bug #74188 (Null coalescing operator fails for undeclared static class properties). (tpunt)
  • Fixed bug #74444 (multiple catch freezes in some cases). (David Matějka)
  • Fixed bug #74410 (stream_select() is broken on Windows Nanoserver). (Matt Ficken)
  • Fixed bug #74337 (php-cgi.exe crash on facebook callback). (Anton Serbulov)
  • Date:
  • Fixed bug #74404 (Wrong reflection on DateTimeZone::getTransitions). (krakjoe)
  • Fixed bug #74080 (add constant for RFC7231 format datetime). (duncan3dc)
  • DOM:
  • Fixed bug #74416 (Wrong reflection on DOMNode::cloneNode). (Remi, Fabien Villepinte)
  • Fileinfo:
  • Fixed bug #74379 (syntax error compile error in libmagic/apprentice.c). (Laruence)
  • GD:
  • Fixed bug #74343 (compile fails on solaris 11 with system gd2 library). (krakjoe)
  • MySQLnd:
  • Fixed bug #74376 (Invalid free of persistent results on error/connection loss). (Yussuf Khalil)
  • Intl:
  • Fixed bug #65683 (Intl does not support DateTimeImmutable). (Ben Scholzen)
  • Fixed bug #74298 (IntlDateFormatter->format() doesn't return microseconds/fractions). (Andrew Nester)
  • Fixed bug #74433 (wrong reflection for Normalizer methods). (villfa)
  • Fixed bug #74439 (wrong reflection for Locale methods). (villfa)
  • Opcache:
  • Fixed bug #74456 (Segmentation error while running a script in CLI mode). (Laruence)
  • Fixed bug #74431 (foreach infinite loop). (Nikita)
  • Fixed bug #74442 (Opcached version produces a nested array). (Nikita)
  • OpenSSL:
  • Fixed bug #73833 (null character not allowed in openssl_pkey_get_private). (Jakub Zelenka)
  • Fixed bug #73711 (Segfault in openssl_pkey_new when generating DSA or DH key). (Jakub Zelenka)
  • Fixed bug #74341 (openssl_x509_parse fails to parse ASN.1 UTCTime without seconds). (Moritz Fain)
  • phar:
  • Fixed bug #74383 (phar method parameters reflection correction). (mhagstrand)
  • Readline:
  • Fixed bug #74489 (readline() immediately returns false in interactive console mode). (Anatol)
  • Standard:
  • Fixed bug #72071 (setcookie allows max-age to be negative). (Craig Duncan)
  • Fixed bug #74361 (Compaction in array_rand() violates COW). (Nikita)
  • Streams:
  • Fixed bug #74429 (Remote socket URI with unique persistence identifier broken). (Sara)

New in PHP 7.1.5 RC 1 (April 26th, 2017)

  • Core:
  • Fixed bug #74408 (Endless loop bypassing execution time limit). (Laruence)
  • Fixed bug #74353 (Segfault when killing within bash script trap code). (Laruence)
  • Fixed bug #74340 (Magic function __get has different behavior in php 7.1.x). (Nikita)
  • Fixed bug #74188 (Null coalescing operator fails for undeclared static class properties). (tpunt)
  • Fixed bug #74444 (multiple catch freezes in some cases). (David Matějka)
  • Fixed bug #74410 (stream_select() is broken on Windows Nanoserver). (Matt Ficken)
  • Fixed bug #74337 (php-cgi.exe crash on facebook callback). (Anton Serbulov)
  • Date:
  • Fixed bug #74404 (Wrong reflection on DateTimeZone::getTransitions). (krakjoe)
  • Fixed bug #74080 (add constant for RFC7231 format datetime). (duncan3dc)
  • DOM:
  • Fixed bug #74416 (Wrong reflection on DOMNode::cloneNode). (Remi, Fabien Villepinte)
  • Fileinfo:
  • Fixed bug #74379 (syntax error compile error in libmagic/apprentice.c). (Laruence)
  • GD:
  • Fixed bug #74343 (compile fails on solaris 11 with system gd2 library). (krakjoe)
  • MySQLnd:
  • Fixed bug #74376 (Invalid free of persistent results on error/connection loss). (Yussuf Khalil)
  • Intl:
  • Fixed bug #65683 (Intl does not support DateTimeImmutable). (Ben Scholzen)
  • Fixed bug #74298 (IntlDateFormatter->format() doesn't return microseconds/fractions). (Andrew Nester)
  • Fixed bug #74433 (wrong reflection for Normalizer methods). (villfa)
  • Fixed bug #74439 (wrong reflection for Locale methods). (villfa)
  • Opcache:
  • Fixed bug #74456 (Segmentation error while running a script in CLI mode). (Laruence)
  • Fixed bug #74431 (foreach infinite loop). (Nikita)
  • Fixed bug #74442 (Opcached version produces a nested array). (Nikita)
  • OpenSSL:
  • Fixed bug #73833 (null character not allowed in openssl_pkey_get_private). (Jakub Zelenka)
  • Fixed bug #73711 (Segfault in openssl_pkey_new when generating DSA or DH key). (Jakub Zelenka)
  • Fixed bug #74341 (openssl_x509_parse fails to parse ASN.1 UTCTime without seconds). (Moritz Fain)
  • phar:
  • Fixed bug #74383 (phar method parameters reflection correction). (mhagstrand)
  • Readline:
  • Fixed bug #74489 (readline() immediately returns false in interactive console mode). (Anatol)
  • Standard:
  • Fixed bug #72071 (setcookie allows max-age to be negative). (Craig Duncan)
  • Fixed bug #74361 (Compaction in array_rand() violates COW). (Nikita)
  • Streams:
  • Fixed bug #74429 (Remote socket URI with unique persistence identifier broken). (Sara)

New in PHP 7.1.4 (April 12th, 2017)

  • Core:
  • Fixed bug #74149 (static embed SAPI linkage error). (krakjoe)
  • Fixed bug #73370 (falsely exits with "Out of Memory" when using USE_ZEND_ALLOC=0). (Nikita)
  • Fixed bug #73960 (Leak with instance method calling static method with referenced return). (Nikita)
  • Fixed bug #69676 (Resolution of self::FOO in class constants not correct). (Nikita)
  • Fixed bug #74265 (Build problems after 7.0.17 release: undefined reference to `isfinite'). (Nikita)
  • Fixed bug #74302 (yield fromLABEL is over-greedy). (Sara)
  • Apache:
  • Reverted patch for bug #61471, fixes bug #74318. (Anatol)
  • Date:
  • Fixed bug #72096 (Swatch time value incorrect for dates before 1970). (mcq8)
  • DOM:
  • Fixed bug #74004 (LIBXML_NOWARNING flag ingnored on loadHTML*). (somedaysummer)
  • iconv:
  • Fixed bug #74230 (iconv fails to fail on surrogates). (Anatol)
  • Opcache:
  • Fixed bug #74250 (OPcache compilation performance regression in PHP 5.6/7 with huge classes). (Nikita)
  • OpenSSL:
  • Fixed bug #72333 (fwrite() on non-blocking SSL sockets doesn't work). (Jakub Zelenka)
  • PDO MySQL:
  • Fixed bug #71003 (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO interface). (Thomas Orozco)
  • SPL:
  • Fixed bug #74058 (ArrayObject can not notice changes). (Andrew Nester)
  • Sqlite:
  • Implemented FR #74217 (Allow creation of deterministic sqlite functions). (Andrew Nester)
  • Streams:
  • Fixed bug #74216 (Correctly fail on invalid IP address ports). (Sara)
  • Zlib:
  • Fixed bug #74240 (deflate_add can allocate too much memory). (Matt Bonneau)

New in PHP 7.1.4 RC 1 (March 29th, 2017)

  • Core:
  • Fixed bug #74149 (static embed SAPI linkage error). (krakjoe)
  • Fixed bug #73370 (falsely exits with "Out of Memory" when using USE_ZEND_ALLOC=0). (Nikita)
  • Fixed bug #73960 (Leak with instance method calling static method with referenced return). (Nikita)
  • Fixed bug #69676 (Resolution of self::FOO in class constants not correct). (Nikita)
  • Fixed bug #74265 (Build problems after 7.0.17 release: undefined reference to `isfinite'). (Nikita)
  • Fixed bug #74302 (yield fromLABEL is over-greedy). (Sara)
  • Apache:
  • Reverted patch for bug #61471, fixes bug #74318. (Anatol)
  • Date:
  • Fixed bug #72096 (Swatch time value incorrect for dates before 1970). (mcq8)
  • DOM:
  • Fixed bug #74004 (LIBXML_NOWARNING flag ingnored on loadHTML*). (somedaysummer)
  • iconv:
  • Fixed bug #74230 (iconv fails to fail on surrogates). (Anatol)
  • Opcache:
  • Fixed bug #74250 (OPcache compilation performance regression in PHP 5.6/7 with huge classes). (Nikita)
  • OpenSSL:
  • Fixed bug #72333 (fwrite() on non-blocking SSL sockets doesn't work). (Jakub Zelenka)
  • PDO MySQL:
  • Fixed bug #71003 (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO interface). (Thomas Orozco)
  • SPL:
  • Fixed bug #74058 (ArrayObject can not notice changes). (Andrew Nester)
  • Sqlite:
  • Implemented FR #74217 (Allow creation of deterministic sqlite functions). (Andrew Nester)
  • Streams:
  • Fixed bug #74216 (Correctly fail on invalid IP address ports). (Sara)
  • Zlib:
  • Fixed bug #74240 (deflate_add can allocate too much memory). (Matt Bonneau)

New in PHP 7.1.3 (March 15th, 2017)

  • Core:
  • Fixed bug #74157 (Segfault with nested generators). (Laruence)
  • Fixed bug #74164 (PHP hangs when an invalid value is dynamically passed to typehinted by-ref arg). (Laruence)
  • Fixed bug #74093 (Maximum execution time of n+2 seconds exceed not written in error_log). (Laruence)
  • Fixed bug #73989 (PHP 7.1 Segfaults within Symfony test suite). (Dmitry, Laruence)
  • Fixed bug #74084 (Out of bound read zend_mm_alloc_small). (Laruence)
  • Fixed bug #73807 (Performance problem with processing large post request). (Nikita)
  • Fixed bug #73998 (array_key_exists fails on arrays created by get_object_vars). (mhagstrand)
  • Fixed bug #73954 (NAN check fails on Alpine Linux with musl). (Andrea)
  • Fixed bug #73677 (Generating phar.phar core dump with gcc ASAN enabled build). (ondrej)
  • Apache:
  • Fixed bug #61471 (Incomplete POST does not timeout but is passed to PHP). (Zheng Shao)
  • Date:
  • Fixed bug #73837 ("new DateTime()" sometimes returns 1 second ago value). (Derick)
  • FPM:
  • Fixed bug #69860 (php-fpm process accounting is broken with keepalive). (Denis Yeldandi)
  • Hash:
  • Fixed bug #73127 (gost-crypto hash incorrect if input data contains long 0xFF sequence). (Grundik)
  • GD:
  • Fixed bug #74031 (ReflectionFunction for imagepng is missing last two parameters). (finwe)
  • Mysqlnd:
  • Fixed bug #74021 (fetch_array broken data. Data more then MEDIUMBLOB). (Andrew Nester, Nikita)
  • Opcache:
  • Fixed bug #74019 (Segfault with list). (Laruence)
  • OpenSSL:
  • Fixed bug #74022 (PHP Fast CGI crashes when reading from a pfx file). (Anatol)
  • Fixed bug #74099 (Memory leak with openssl_encrypt()). (Andrew Nester)
  • Standard:
  • Fixed bug #74005 (mail.add_x_header causes RFC-breaking lone line feed). (Anatol)
  • Fixed bug #74041 (substr_count with length=0 broken). (Nikita)
  • Fixed bug #73118 (is_callable callable name reports misleading value for anonymous classes). (Adam Saponara)
  • Fixed bug #74105 (PHP on Linux should use /dev/urandom when getrandom is not available). (Benjamin Robin)
  • Streams:
  • Fixed bug #73496 (Invalid memory access in zend_inline_hash_func). (Laruence)
  • Fixed bug #74090 (stream_get_contents maxlength>-1 returns empty string). (Anatol)

New in PHP 7.1.3 RC 1 (February 28th, 2017)

  • Core:
  • Fixed bug #74157 (Segfault with nested generators). (Laruence)
  • Fixed bug #74164 (PHP hangs when an invalid value is dynamically passed to typehinted by-ref arg). (Laruence)
  • Fixed bug #74093 (Maximum execution time of n+2 seconds exceed not written in error_log). (Laruence)
  • Fixed bug #73989 (PHP 7.1 Segfaults within Symfony test suite). (Dmitry, Laruence)
  • Fixed bug #74084 (Out of bound read zend_mm_alloc_small). (Laruence)
  • Fixed bug #73807 (Performance problem with processing large post request). (Nikita)
  • Fixed bug #73998 (array_key_exists fails on arrays created by get_object_vars). (mhagstrand)
  • Fixed bug #73954 (NAN check fails on Alpine Linux with musl). (Andrea)
  • Fixed bug #73677 (Generating phar.phar core dump with gcc ASAN enabled build). (ondrej)
  • Apache:
  • Fixed bug #61471 (Incomplete POST does not timeout but is passed to PHP). (Zheng Shao)
  • Date:
  • Fixed bug #73837 ("new DateTime()" sometimes returns 1 second ago value). (Derick)
  • FPM:
  • Fixed bug #69860 (php-fpm process accounting is broken with keepalive). (Denis Yeldandi)
  • Hash:
  • Fixed bug #73127 (gost-crypto hash incorrect if input data contains long 0xFF sequence). (Grundik)
  • GD:
  • Fixed bug #74031 (ReflectionFunction for imagepng is missing last two parameters). (finwe)
  • Mysqlnd:
  • Fixed bug #74021 (fetch_array broken data. Data more then MEDIUMBLOB). (Andrew Nester, Nikita)
  • Opcache:
  • Fixed bug #74019 (Segfault with list). (Laruence)
  • OpenSSL:
  • Fixed bug #74022 (PHP Fast CGI crashes when reading from a pfx file). (Anatol)
  • Fixed bug #74099 (Memory leak with openssl_encrypt()). (Andrew Nester)
  • Fixed bug #74159 (Writing a large buffer to a non-blocking encrypted stream fails with "bad write retry"). (trowski)
  • Standard:
  • Fixed bug #74005 (mail.add_x_header causes RFC-breaking lone line feed). (Anatol)
  • Fixed bug #74041 (substr_count with length=0 broken). (Nikita)
  • Fixed bug #73118 (is_callable callable name reports misleading value for anonymous classes). (Adam Saponara)
  • Fixed bug #74105 (PHP on Linux should use /dev/urandom when getrandom is not available). (Benjamin Robin)
  • Streams:
  • Fixed bug #73496 (Invalid memory access in zend_inline_hash_func). (Laruence)
  • Fixed bug #74090 (stream_get_contents maxlength>-1 returns empty string). (Anatol)

New in PHP 7.1.2 (February 15th, 2017)

  • Core:
  • Improved GENERATOR_CREATE opcode handler. (Bob, Dmitry)
  • Fixed bug #73877 (readlink() returns garbage for UTF-8 paths). (Anatol)
  • Fixed bug #73876 (Crash when exporting **= in expansion of assign op).
  • (Sara)
  • Fixed bug #73962 (bug with symlink related to cyrillic directory). (Anatol)
  • Fixed bug #73969 (segfault in debug_print_backtrace). (andrewnester)
  • Fixed bug #73994 (arginfo incorrect for unpack). (krakjoe)
  • Fixed bug #73973 (assertion error in debug_zval_dump). (andrewnester)
  • DOM:
  • Fixed bug #54382 (getAttributeNodeNS doesn't get xmlns* attributes).
  • (aboks)
  • DTrace:
  • Fixed bug #73965 (DTrace reported as enabled when disabled). (Remi)
  • FCGI:
  • Fixed bug #73904 (php-cgi fails to load -c specified php.ini file). (Anatol)
  • Fixed bug #72898 (PHP_FCGI_CHILDREN is not included in phpinfo()). (Anatol)
  • FPM:
  • Fixed bug #69865 (php-fpm does not close stderr when using syslog). (m6w6)
  • GD:
  • Fixed bug #73968 (Premature failing of XBM reading). (cmb)
  • GMP:
  • Fixed bug #69993 (test for gmp.h needs to test machine includes).
  • (Jordan Gigov)
  • Hash:
  • Added hash_hkdf() function. (Andrey Andreev)
  • Fixed bug #73961 (environmental build dependency in hash sha3 source).
  • (krakjoe)
  • Intl:
  • Fix bug #73956 (Link use CC instead of CXX). (Remi)
  • LDAP:
  • Fixed bug #73933 (error/segfault with ldap_mod_replace and opcache).
  • (Laruence)
  • MySQLi:
  • Fixed bug #73949 (leak in mysqli_fetch_object). (krakjoe)
  • Mysqlnd:
  • Fixed bug #69899 (segfault on close() after free_result() with mysqlnd).
  • (Richard Fussenegger)
  • Opcache:
  • Fixed bug #73983 (crash on finish work with phar in cli + opcache).
  • (Anatol)
  • OpenSSL:
  • Fixed bug #71519 (add serial hex to return value array). (xrobau)
  • Fixed bug #73692 (Compile ext/openssl with openssl 1.1.0 on Win). (Anatol)
  • Fixed bug #73978 (openssl_decrypt triggers bug in PDO). (Jakub Zelenka)
  • PDO_Firebird:
  • Implemented FR #72583 (All data are fetched as strings). (Dorin Marcoci)
  • PDO_PgSQL:
  • Fixed bug #73959 (lastInsertId fails to throw an exception for wrong sequence name). (andrewnester)
  • Phar:
  • Fixed bug #70417 (PharData::compress() doesn't close temp file). (cmb)
  • posix:
  • Fixed bug #71219 (configure script incorrectly checks for ttyname_r). (atoh)
  • Session:
  • Fixed bug #69582 (session not readable by root in CLI). (EvgeniySpinov)
  • SPL:
  • Fixed bug #73896 (spl_autoload() crashes when calls magic _call()). (Dmitry)
  • Standard:
  • Fixed bug #69442 (closing of fd incorrect when PTS enabled). (jaytaph)
  • Fixed bug #47021 (SoapClient stumbles over WSDL delivered with
  • "Transfer-Encoding: chunked"). (Rowan Collins)
  • Fixed bug #72974 (imap is undefined service on AIX). (matthieu.sarter)
  • Fixed bug #72979 (money_format stores wrong length AIX). (matthieu.sarter)
  • Fixed bug #73374 (intval() with base 0 should detect binary). (Leigh)
  • Fixed bug #69061 (mail.log = syslog contains double information).
  • (Tom Sommer)
  • ZIP:
  • Fixed bug #70103 (ZipArchive::addGlob ignores remove_all_path option). (cmb,
  • Mitch Hagstrand)

New in PHP 7.1.2 RC 1 (January 31st, 2017)

  • Core:
  • Improved GENERATOR_CREATE opcode handler. (Bob, Dmitry)
  • Fixed bug #73877 (readlink() returns garbage for UTF-8 paths). (Anatol)
  • Fixed bug #73876 (Crash when exporting **= in expansion of assign op). (Sara)
  • Fixed bug #73962 (bug with symlink related to cyrillic directory). (Anatol)
  • Fixed bug #73969 (segfault in debug_print_backtrace). (andrewnester)
  • Fixed bug #73994 (arginfo incorrect for unpack). (krakjoe)
  • Fixed bug #73973 (assertion error in debug_zval_dump). (andrewnester)
  • Fixed bug #73987 (Method compatibility check looks to original definition and not parent). (pmmaga)
  • DOM:
  • Fixed bug #54382 (getAttributeNodeNS doesn't get xmlns* attributes). (aboks)
  • Fixed bug #50989 (support for LIBXML_NOXMLDECL). (jhdxr)
  • DTrace:
  • Fixed bug #73965 (DTrace reported as enabled when disabled). (Remi)
  • FCGI:
  • Fixed bug #73904 (php-cgi fails to load -c specified php.ini file). (Anatol)
  • Fixed bug #72898 (PHP_FCGI_CHILDREN is not included in phpinfo()). (Anatol)
  • FPM:
  • Fixed bug #69865 (php-fpm does not close stderr when using syslog). (m6w6)
  • GD:
  • Fixed bug #73968 (Premature failing of XBM reading). (cmb)
  • GMP:
  • Fixed bug #69993 (test for gmp.h needs to test machine includes). (Jordan Gigov)
  • Hash:
  • Added hash_hkdf() function. (Andrey Andreev)
  • Fixed bug #73961 (environmental build dependency in hash sha3 source). (krakjoe)
  • Intl:
  • Fix bug #73956 (Link use CC instead of CXX). (Remi)
  • LDAP:
  • Fixed bug #73933 (error/segfault with ldap_mod_replace and opcache). (Laruence)
  • MySQLi:
  • Fixed bug #73949 (leak in mysqli_fetch_object). (krakjoe)
  • Mysqlnd:
  • Fixed bug #69899 (segfault on close() after free_result() with mysqlnd). (Richard Fussenegger)
  • Opcache:
  • Fixed bug #73983 (crash on finish work with phar in cli + opcache). (Anatol)
  • OpenSSL:
  • Fixed bug #71519 (add serial hex to return value array). (xrobau)
  • Fixed bug #73692 (Compile ext/openssl with openssl 1.1.0 on Win). (Anatol)
  • Fixed bug #73978 (openssl_decrypt triggers bug in PDO). (Jakub Zelenka)
  • PDO_Firebird:
  • Implemented FR #72583 (All data are fetched as strings). (Dorin Marcoci)
  • PDO_PgSQL:
  • Fixed bug #73959 (lastInsertId fails to throw an exception for wrong sequence name). (andrewnester)
  • Phar:
  • Fixed bug #70417 (PharData::compress() doesn't close temp file). (cmb)
  • posix:
  • Fixed bug #71219 (configure script incorrectly checks for ttyname_r). (atoh)
  • Session:
  • Fixed bug #69582 (session not readable by root in CLI). (EvgeniySpinov)
  • SPL:
  • Fixed bug #73896 (spl_autoload() crashes when calls magic _call()). (Dmitry)
  • Standard:
  • Fixed bug #69442 (closing of fd incorrect when PTS enabled). (jaytaph)
  • Fixed bug #47021 (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked"). (Rowan Collins)
  • Fixed bug #72974 (imap is undefined service on AIX). (matthieu.sarter)
  • Fixed bug #72979 (money_format stores wrong length AIX). (matthieu.sarter)
  • Fixed bug #73374 (intval() with base 0 should detect binary). (Leigh)
  • Fixed bug #69061 (mail.log = syslog contains double information). (Tom Sommer)
  • ZIP:
  • Fixed bug #70103 (ZipArchive::addGlob ignores remove_all_path option). (cmb, Mitch Hagstrand)

New in PHP 7.1.1 (January 18th, 2017)

  • Core:
  • Fixed bug #73792 (invalid foreach loop hangs script). (Dmitry)
  • Fixed bug #73686 (Adding settype()ed values to ArrayObject results in references). (Nikita, Laruence)
  • Fixed bug #73663 ("Invalid opcode 65/16/8" occurs with a variable created with list()). (Laruence)
  • Fixed bug #73727 (ZEND_MM_BITSET_LEN is "undefined symbol" in zend_bitset.h). (Nikita)
  • Fixed bug #73753 (unserialized array pointer not advancing). (David Walker)
  • Fixed bug #73783 (SIG_IGN doesn't work when Zend Signals is enabled). (David Walker)
  • Fixed bug #73825 (Heap out of bounds read on unserialize in finish_nested_data()). (Stas)
  • Fixed bug #73831 (NULL Pointer Dereference while unserialize php object). (Stas)
  • Fixed bug #73832 (Use of uninitialized memory in unserialize()). (Stas)
  • CLI:
  • Fixed bug #72555 (CLI output(japanese) on Windows). (Anatol)
  • COM:
  • Fixed bug #73679 (DOTNET read access violation using invalid codepage). (Anatol)
  • DOM:
  • Fixed bug #67474 (getElementsByTagNameNS filter on default ns). (aboks)
  • EXIF:
  • Bug bug #73737 (FPE when parsing a tag format). (Stas)
  • GD:
  • Fixed bug #73869 (Signed Integer Overflow gd_io.c). (cmb)
  • Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (cmb)
  • Mbstring:
  • Fixed bug #73646 (mb_ereg_search_init null pointer dereference). (Laruence)
  • Mysqli:
  • Fixed bug #73462 (Persistent connections don't set $connect_errno). (darkain)
  • Mysqlnd:
  • Optimized handling of BIT fields less memory copies and lower memory usage. (Andrey)
  • Fixed bug #73800 (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE). (vanviegen)
  • Opcache:
  • Fixed bug #73789 (Strange behavior of class constants in switch/case block). (Laruence)
  • Fixed bug #73746 (Method that returns string returns UNKNOWN:0 instead). (Laruence)
  • Fixed bug #73654 (Segmentation fault in zend_call_function). (Nikita)
  • Fixed bug #73668 ("SIGFPE Arithmetic exception" in opcache when divide by minus 1). (Nikita)
  • Fixed bug #73847 (Recursion when a variable is redefined as array). (Nikita)
  • PDO_Firebird:
  • Fixed bug #72931 (PDO_FIREBIRD with Firebird 3.0 not work on returning statement). (Dorin Marcoci)
  • Phar:
  • Fixed bug #73773 (Seg fault when loading hostile phar). (Stas)
  • Fixed bug #73768 (Memory corruption when loading hostile phar). (Stas)
  • Fixed bug #73764 (Crash while loading hostile phar archive). (Stas)
  • phpdbg:
  • Fixed bug #73794 (Crash (out of memory) when using run and # command separator). (Bob)
  • Fixed bug #73704 (phpdbg shows the wrong line in files with shebang). (Bob)
  • SQLite3:
  • Reverted fix for bug #73530 (Unsetting result set may reset other result set). (cmb)
  • Standard:
  • Fixed bug #73594 (dns_get_record does not populate $additional out parameter). (Bruce Weirdan)
  • Fixed bug #70213 (Unserialize context shared on double class lookup). (Taoguang Chen)
  • Fixed bug #73154 (serialize object with __sleep function crash). (Nikita)
  • Fixed bug #70490 (get_browser function is very slow). (Nikita)
  • Fixed bug #73265 (Loading browscap.ini at startup causes high memory usage). (Nikita)
  • Add subject to mail log. (tomsommer)
  • Fixed bug #31875 (get_defined_functions additional param to exclude disabled functions). (willianveiga)
  • Zlib
  • Fixed bug #73373 (deflate_add does not verify that output was not truncated). (Matt Bonneau)

New in PHP 7.1.1 RC 1 (January 5th, 2017)

  • Core:
  • Fixed bug #73792 (invalid foreach loop hangs script). (Dmitry)
  • Fixed bug #73686 (Adding settype()ed values to ArrayObject results in references). (Nikita, Laruence)
  • Fixed bug #73663 ("Invalid opcode 65/16/8" occurs with a variable created with list()). (Laruence)
  • Fixed bug #73727 (ZEND_MM_BITSET_LEN is "undefined symbol" in zend_bitset.h). (Nikita)
  • Fixed bug #73753 (unserialized array pointer not advancing). (David Walker)
  • Fixed bug #73783 (SIG_IGN doesn't work when Zend Signals is enabled). (David Walker)
  • CLI:
  • Fixed bug #72555 (CLI output(japanese) on Windows). (Anatol)
  • COM:
  • Fixed bug #73679 (DOTNET read access violation using invalid codepage). (Anatol)
  • DOM:
  • Fixed bug #67474 (getElementsByTagNameNS filter on default ns). (aboks)
  • Mbstring:
  • Fixed bug #73646 (mb_ereg_search_init null pointer dereference). (Laruence)
  • Mysqli:
  • Fixed bug #73462 (Persistent connections don't set $connect_errno). (darkain)
  • Mysqlnd:
  • Optimized handling of BIT fields less memory copies and lower memory usage. (Andrey)
  • Fixed bug #73800 (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE). (vanviegen)
  • Opcache:
  • Fixed bug #73789 (Strange behavior of class constants in switch/case block). (Laruence)
  • Fixed bug #73746 (Method that returns string returns UNKNOWN:0 instead). (Laruence)
  • Fixed bug #73654 (Segmentation fault in zend_call_function). (Nikita)
  • Fixed bug #73668 ("SIGFPE Arithmetic exception" in opcache when divide by minus 1). (Nikita)
  • Fixed bug #73847 (Recursion when a variable is redefined as array). (Nikita)
  • PDO_Firebird:
  • Fixed bug #72931 (PDO_FIREBIRD with Firebird 3.0 not work on returning statement). (Dorin Marcoci)
  • phpdbg:
  • Fixed bug #73794 (Crash (out of memory) when using run and # command separator). (Bob)
  • Fixed bug #73704 (phpdbg shows the wrong line in files with shebang). (Bob)
  • SQLite3:
  • Reverted fix for bug #73530 (Unsetting result set may reset other result set). (cmb)
  • Standard:
  • Fixed bug #73594 (dns_get_record does not populate $additional out parameter). (Bruce Weirdan)
  • Fixed bug #70213 (Unserialize context shared on double class lookup). (Taoguang Chen)
  • Fixed bug #73154 (serialize object with __sleep function crash). (Nikita)
  • Fixed bug #70490 (get_browser function is very slow). (Nikita)
  • Fixed bug #73265 (Loading browscap.ini at startup causes high memory usage). (Nikita)
  • Add subject to mail log. (tomsommer)
  • Fixed bug #31875 (get_defined_functions additional param to exclude disabled functions). (willianveiga)
  • Zlib
  • Fixed bug #73373 (deflate_add does not verify that output was not truncated). (Matt Bonneau)

New in PHP 7.1.0 (December 2nd, 2016)

  • Core:
  • Added nullable types.
  • Added DFA optimization framework based on e-SSA form.
  • Added specialized opcode handlers (e.g. ZEND_ADD_LONG_NO_OVERFLOW).
  • Added [] = as alternative construct to list() =.
  • Added void return type.
  • Added support for negative string offsets in string offset syntax and various string functions.
  • Added a form of the list() construct where keys can be specified.
  • Implemented safe execution timeout handling, that prevents random crashes after "Maximum execution time exceeded" error.
  • Implemented the RFC `Support Class Constant Visibility`.
  • Implemented the RFC `Catching multiple exception types`.
  • Implemented logging to syslog with dynamic error levels.
  • Implemented FR #72614 (Support "nmake test" on building extensions by phpize).
  • Implemented RFC: Iterable.
  • Implemented RFC: Closure::fromCallable (Danack)
  • Implemented RFC: Replace "Missing argument" warning with "ArgumentCountError" exception.
  • Implemented RFC: Fix inconsistent behavior of $this variable.
  • Fixed bug #73585 (Logging of "Internal Zend error - Missing class information" missing class name).
  • Fixed memory leak(null coalescing operator with Spl hash).
  • Fixed bug #72736 (Slow performance when fetching large dataset with mysqli / PDO).
  • Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine overflow).
  • Fixed bug #72696 (imagefilltoborder stackoverflow on truecolor images).
  • Fixed bug #73350 (Exception::__toString() cause circular references).
  • Fixed bug #73329 ((Float)"Nano" == NAN).
  • Fixed bug #73288 (Segfault in __clone > Exception.toString > __get).
  • Fixed for #73240 (Write out of bounds at number_format).
  • Fix pthreads detection when cross-compiling (ffontaine)
  • Fixed bug #73337 (try/catch not working with two exceptions inside a same operation).
  • Fixed bug #73156 (segfault on undefined function).
  • Fixed bug #73163 (PHP hangs if error handler throws while accessing undef const in default value).
  • Fixed bug #73172 (parse error: Invalid numeric literal).
  • Fixed bug #73181 (parse_str() without a second argument leads to crash).
  • Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c).
  • Fixed bug #73058 (crypt broken when salt is 'too' long).
  • Fixed bug #72944 (Null pointer deref in zval_delref_p).
  • Fixed bug #72943 (assign_dim on string doesn't reset hval).
  • Fixed bug #72598 (Reference is lost after array_slice()) (Nikita)
  • Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by password_verify).
  • Fixed bug #72813 (Segfault with __get returned by ref).
  • Fixed bug #72767 (PHP Segfaults when trying to expand an infinite operator).
  • TypeError messages for arg_info type checks will now say "must be ... or null" where the parameter or return type accepts null.
  • Fixed bug #72857 (stream_socket_recvfrom read access violation).
  • Fixed bug #72663 (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization).
  • Fixed bug #72681 (PHP Session Data Injection Vulnerability).
  • Fixed bug #72742 (memory allocator fails to realloc small block to large one).
  • Fixed URL rewriter. It would not rewrite '//example.com/' URL unconditionally. URL rewrite target hosts whitelist is implemented.
  • Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).
  • Fixed bug #72683 (getmxrr broken).
  • Fixed bug #72629 (Caught exception assignment to variables ignores references).
  • Fixed bug #72594 (Calling an earlier instance of an included anonymous class fatals).
  • Fixed bug #72581 (previous property undefined in Exception after deserialization).
  • Fixed bug #72543 (Different references behavior comparing to PHP 5) (Laruence, Dmitry, Nikita)
  • Fixed bug #72347 (VERIFY_RETURN type casts visible in finally).
  • Fixed bug #72216 (Return by reference with finally is not memory safe).
  • Fixed bug #72215 (Wrong return value if var modified in finally).
  • Fixed bug #71818 (Memory leak when array altered in destructor).
  • Fixed bug #71539 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes) (Dmitry, Nikita)
  • Added new constant PHP_FD_SETSIZE.
  • Added optind parameter to getopt().
  • Added PHP to SAPI error severity mapping for logs.
  • Fixed bug #71911 (Unable to set --enable-debug on building extensions by phpize on Windows).
  • Fixed bug #29368 (The destructor is called when an exception is thrown from the constructor).
  • Implemented RFC: RNG Fixes.
  • Implemented email validation as per RFC 6531.
  • Fixed bug #72513 (Stack-based buffer overflow vulnerability in virtual_file_ex).
  • Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications).
  • Fixed bug #72523 (dtrace issue with reflection (failed test)).
  • Fixed bug #72508 (strange references after recursive function call and "switch" statement).
  • Fixed bug #72441 (Segmentation fault: RFC list_keys).
  • Fixed bug #72395 (list() regression).
  • Fixed bug #72373 (TypeError after Generator function w/declared return type finishes).
  • Fixed bug #69489 (tempnam() should raise notice if falling back to temp dir).
  • Fixed UTF-8 and long path support on Windows.
  • Fixed bug #53432 (Assignment via string index access on an empty string converts to array).
  • Fixed bug #62210 (Exceptions can leak temporary variables).
  • Fixed bug #62814 (It is possible to stiffen child class members visibility).
  • Fixed bug #69989 (Generators don't participate in cycle GC).
  • Fixed bug #70228 (Memleak if return in finally block).
  • Fixed bug #71266 (Missing separation of properties HT in foreach etc).
  • Fixed bug #71604 (Aborted Generators continue after nested finally).
  • Fixed bug #71572 (String offset assignment from an empty string inserts null byte).
  • Fixed bug #71897 (ASCII 0x7F Delete control character permitted in identifiers).
  • Fixed bug #72188 (Nested try/finally blocks losing return value).
  • Fixed bug #72213 (Finally leaks on nested exceptions).
  • Fixed bug #47517 (php-cgi.exe missing UAC manifest).
  • Change statement and fcall extension handlers to accept frame.
  • Number operators taking numeric strings now emit E_NOTICEs or E_WARNINGs when given malformed numeric strings.
  • (int), intval() where $base is 10 or unspecified, settype(), decbin(), decoct(), dechex(), integer operators and other conversions now always respect scientific notation in numeric strings.
  • Raise a compile-time warning on octal escape sequence overflow.
  • Apache2handler:
  • Enable per-module logging in Apache 2.4+.
  • BCmath:
  • Fix bug #73190 (memcpy negative parameter _bc_new_num_ex).
  • Bz2:
  • Fixed bug #72837 (integer overflow in bzdecompress caused heap corruption).
  • Fixed bug #72613 (Inadequate error handling in bzread()).
  • Calendar:
  • Fix integer overflows (Joshua Rogers)
  • Fixed bug #67976 (cal_days_month() fails for final month of the French calendar).
  • Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in zif_cal_from_jd).
  • CLI Server:
  • Fixed bug #73360 (Unable to work in root with unicode chars).
  • Fixed bug #71276 (Built-in webserver does not send Date header).
  • COM:
  • Fixed bug #73126 (Cannot pass parameter 1 by reference).
  • Fixed bug #69579 (Invalid free in extension trait).
  • Fixed bug #72922 (COM called from PHP does not return out parameters).
  • Fixed bug #72569 (DOTNET/COM array parameters broke in PHP7).
  • Fixed bug #72498 (variant_date_from_timestamp null dereference).
  • Curl:
  • Implement support for handling HTTP/2 Server Push.
  • Add curl_multi_errno(), curl_share_errno() and curl_share_strerror() functions.
  • Fixed bug #72674 (Heap overflow in curl_escape).
  • Fixed bug #72541 (size_t overflow lead to heap corruption). (Stas).
  • Fixed bug #71709 (curl_setopt segfault with empty CURLOPT_HTTPHEADER).
  • Fixed bug #71929 (CURLINFO_CERTINFO data parsing error).
  • Date:
  • Fixed bug #69587 (DateInterval properties and isset).
  • Fixed bug #73426 (createFromFormat with 'z' format char results in incorrect time).
  • Fixed bug #45554 (Inconsistent behavior of the u format char).
  • Fixed bug #48225 (DateTime parser doesn't set microseconds for "now").
  • Fixed bug #52514 (microseconds are missing in DateTime class).
  • Fixed bug #52519 (microseconds in DateInterval are missing).
  • Fixed bug #60089 (DateTime::createFromFormat() U after u nukes microtime).
  • Fixed bug #64887 (Allow DateTime modification with subsecond items).
  • Fixed bug #68506 (General DateTime improvments needed for microseconds to become useful).
  • Fixed bug #73109 (timelib_meridian doesn't parse dots correctly).
  • Fixed bug #73247 (DateTime constructor does not initialise microseconds property).
  • Fixed bug #73147 (Use After Free in PHP7 unserialize()).
  • Fixed bug #73189 (Memcpy negative size parameter php_resolve_path).
  • Fixed bug #66836 (DateTime::createFromFormat 'U' with pre 1970 dates fails parsing).
  • Invalid serialization data for a DateTime or DatePeriod object will now throw an instance of Error from __wakeup() or __set_state() instead of resulting in a fatal error.
  • Timezone initialization failure from serialized data will now throw an instance of Error from __wakeup() or __set_state() instead of resulting in a fatal error.
  • Export date_get_interface_ce() for extension use.
  • Fixed bug #63740 (strtotime seems to use both sunday and monday as start of week).
  • Dba:
  • Fixed bug #70825 (Cannot fetch multiple values with group in ini file).
  • Data modification functions (e.g.: dba_insert()) now throw an instance of Error instead of triggering a catchable fatal error if the key is does not contain exactly two elements.
  • DOM:
  • Fixed bug #73150 (missing NULL check in dom_document_save_html).
  • Fixed bug #66502 (DOM document dangling reference).
  • Invalid schema or RelaxNG validation contexts will throw an instance of Error instead of resulting in a fatal error.
  • Attempting to register a node class that does not extend the appropriate base class will now throw an instance of Error instead of resulting in a fatal error.
  • Attempting to read an invalid or write to a readonly property will throw an instance of Error instead of resulting in a fatal error.
  • DTrace:
  • Disabled PHP call tracing by default (it makes significant overhead). This may be enabled again using envirionment variable USE_ZEND_DTRACE=1.
  • EXIF:
  • Fixed bug #72735 (Samsung picture thumb not read (zero size)).
  • Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF).
  • Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
  • Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
  • Filter:
  • Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE).
  • Fixed bug #73054 (default option ignored when object passed to int filter).
  • Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range).
  • FPM:
  • Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).
  • FTP:
  • Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with require_ssl_reuse).
  • Implemented FR #55651 (Option to ignore the returned FTP PASV address).
  • GD:
  • Fixed bug #73213 (Integer overflow in imageline() with antialiasing).
  • Fixed bug #73272 (imagescale() is not affected by, but affects imagesetinterpolation()).
  • Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()).
  • Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf).
  • Fixed bug #50194 (imagettftext broken on transparent background w/o alphablending).
  • Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c).
  • Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box).
  • Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given).
  • Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries).
  • Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted files).
  • Fixed bug #73161 (imagecreatefromgd2() may leak memory).
  • Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette).
  • Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor images).
  • Fixed bug #72913 (imagecopy() loses single-color transparency on palette images).
  • Fixed bug #68716 (possible resource leaks in _php_image_convert()).
  • Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles).
  • Fixed bug #72697 (select_colors write out-of-bounds).
  • Fixed bug #72730 (imagegammacorrect allows arbitrary write access).
  • Fixed bug #72596 (imagetypes function won't advertise WEBP support).
  • Fixed bug #72604 (imagearc() ignores thickness for full arcs).
  • Fixed bug #70315 (500 Server Error but page is fully rendered).
  • Fixed bug #43828 (broken transparency of imagearc for truecolor in blendingmode).
  • Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access).
  • Fixed bug #72519 (imagegif/output out-of-bounds access).
  • Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
  • Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine overflow).
  • Fixed bug #72494 (imagecropauto out-of-bounds access).
  • Fixed bug #72404 (imagecreatefromjpeg fails on selfie).
  • Fixed bug #43475 (Thick styled lines have scrambled patterns).
  • Fixed bug #53640 (XBM images require width to be multiple of 8).
  • Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line).
  • Hash:
  • Added SHA3 fixed mode algorithms (224, 256, 384, and 512 bit).
  • Added SHA512/256 and SHA512/224 algorithms.
  • iconv:
  • Fixed bug #72320 (iconv_substr returns false for empty strings).
  • IMAP:
  • Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads to crash).
  • An email address longer than 16385 bytes will throw an instance of Error instead of resulting in a fatal error.
  • Interbase:
  • Fixed bug #73512 (Fails to find firebird headers as don't use fb_config output).
  • Intl:
  • Fixed bug #73007 (add locale length check).
  • Fixed bug #73218 (add mitigation for ICU int overflow).
  • Fixed bug #65732 (grapheme_*() is not Unicode compliant on CR LF sequence).
  • Fixed bug #73007 (add locale length check).
  • Fixed bug #72639 (Segfault when instantiating class that extends IntlCalendar and adds a property).
  • Fixed bug #72658 (Locale::lookup() / locale_lookup() hangs if no match found).
  • Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain names).
  • Fixed bug #72533 (locale_accept_from_http out-of-bounds access).
  • Failure to call the parent constructor in a class extending Collator before invoking the parent methods will throw an instance of Error instead of resulting in a recoverable fatal error.
  • Cloning a Transliterator object may will now throw an instance of Error instead of resulting in a fatal error if cloning the internal transliterator fails.
  • Added IntlTimeZone::getWindowsID() and IntlTimeZone::getIDForWindowsID().
  • Fixed bug #69374 (IntlDateFormatter formatObject returns wrong utf8 value).
  • Fixed bug #69398 (IntlDateFormatter formatObject returns wrong value when time style is NONE).
  • JSON:
  • Introduced encoder struct instead of global which fixes bugs #66025 and #73254 related to pretty print indentation.
  • Fixed bug #73113 (Segfault with throwing JsonSerializable).
  • Implemented earlier return when json_encode fails, fixes bugs #68992 (Stacking exceptions thrown by JsonSerializable) and #70275 (On recursion error, json_encode can eat up all system memory).
  • Implemented FR #46600 ("_empty_" key in objects).
  • Exported JSON parser API including json_parser_method that can be used for implementing custom logic when parsing JSON.
  • Escaped U+2028 and U+2029 when JSON_UNESCAPED_UNICODE is supplied as json_encode options and added JSON_UNESCAPED_LINE_TERMINATORS to restore the previous behaviour.
  • LDAP:
  • Providing an unknown modification type to ldap_batch_modify() will now throw an instance of Error instead of resulting in a fatal error.
  • Mbstring:
  • Fixed bug #73532 (Null pointer dereference in mb_eregi).
  • Fixed bug #66964 (mb_convert_variables() cannot detect recursion) (Yasuo)
  • Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset).
  • Fixed bug #66797 (mb_substr only takes 32-bit signed integer).
  • Fixed bug #72711 (`mb_ereg` does not clear the `$regs` parameter on failure).
  • Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width).
  • Fixed bug #72693 (mb_ereg_search increments search position when a match zero-width).
  • Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last position).
  • Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).
  • Deprecated mb_ereg_replace() eval option.
  • Fixed bug #69151 (mb_ereg should reject ill-formed byte sequence).
  • Fixed bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access).
  • Fixed bug #72399 (Use-After-Free in MBString (search_re)).
  • mb_ereg() and mb_eregi() will now throw an instance of ParseError if an invalid PHP expression is provided and the 'e' option is used.
  • Mcrypt:
  • Deprecated ext/mcrypt.
  • Fixed bug #72782 (Heap Overflow due to integer overflows).
  • Fixed bug #72551, bug #72552 (In correct casting from size_t to int lead to heap overflow in mdecrypt_generic).
  • mcrypt_encrypt() and mcrypt_decrypt() will throw an instance of Error instead of resulting in a fatal error if mcrypt cannot be initialized.
  • Mysqli:
  • Attempting to read an invalid or write to a readonly property will throw an instance of Error instead of resulting in a fatal error.
  • Mysqlnd:
  • Fixed bug #64526 (Add missing mysqlnd.* parameters to php.ini-*).
  • Fixed bug #71863 (Segfault when EXPLAIN with "Unknown column" error when using MariaDB).
  • Fixed bug #72701 (mysqli_get_host_info() wrong output).
  • OCI8:
  • Fixed bug #71148 (Bind reference overwritten on PHP 7).
  • Fixed invalid handle error with Implicit Result Sets.
  • Fixed bug #72524 (Binding null values triggers ORA-24816 error).
  • ODBC:
  • Fixed bug #73448 (odbc_errormsg returns trash, always 513 bytes).
  • Opcache:
  • Fixed bug #73583 (Segfaults when conditionally declared class and function have the same name).
  • Fixed bug #69090 (check cached files permissions)
  • Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp() function).
  • Fixed bug #72949 (Typo in opcache error message).
  • Fixed bug #72762 (Infinite loop while parsing a file with opcache enabled).
  • Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
  • OpenSSL:
  • Fixed bug #73478 (openssl_pkey_new() generates wrong pub/priv keys with Diffie Hellman).
  • Fixed bug #73276 (crash in openssl_random_pseudo_bytes function).
  • Fixed bug #73072 (Invalid path SNI_server_certs causes segfault).
  • Fixed bug #72360 (ext/openssl build failure with OpenSSL 1.1.0).
  • Bumped a minimal version to 1.0.1.
  • Dropped support for SSL2.
  • Implemented FR #61204 (Add elliptic curve support for OpenSSL).
  • Implemented FR #67304 (Added AEAD support [CCM and GCM modes] to openssl_encrypt and openssl_decrypt).
  • Implemented error storing to the global queue and cleaning up the OpenSSL error queue (resolves bugs #68276 and #69882).
  • Pcntl:
  • Implemented asynchronous signal handling without TICKS.
  • Added pcntl_signal_get_handler() that returns the current signal handler for a particular signal. Addresses FR #72409.
  • Add signinfo to pcntl_signal() handler args (Bishop Bettini, David Walker)
  • PCRE:
  • Fixed bug #73483 (Segmentation fault on pcre_replace_callback).
  • Fixed bug #73612 (preg_*() may leak memory).
  • Fixed bug #73392 (A use-after-free in zend allocator management).
  • Fixed bug #73121 (Bundled PCRE doesn't compile because JIT isn't supported on s390).
  • Fixed bug #72688 (preg_match missing group names in matches).
  • Downgraded to PCRE 8.38.
  • Fixed bug #72476 (Memleak in jit_stack).
  • Fixed bug #72463 (mail fails with invalid argument).
  • Upgraded to PCRE 8.39.
  • PDO:
  • Fixed bug #72788 (Invalid memory access when using persistent PDO connection).
  • Fixed bug #72791 (Memory leak in PDO persistent connection handling).
  • Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY returns false).
  • PDO_DBlib:
  • Fixed bug #72414 (Never quote values as raw binary data).
  • Allow PDO::setAttribute() to set query timeouts.
  • Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions.
  • Add common PDO test suite.
  • Free error and message strings when cleaning up PDO instances.
  • Fixed bug #67130 (PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched).
  • Ignore potentially misleading dberr values.
  • Implemented stringify 'uniqueidentifier' fields.
  • PDO_Firebird:
  • Fixed bug #73087, #61183, #71494 (Memory corruption in bindParam).
  • Fixed bug #60052 (Integer returned as a 64bit integer on X86_64).
  • PDO_pgsql:
  • Fixed bug #70313 (PDO statement fails to throw exception).
  • Fixed bug #72570 (Segmentation fault when binding parameters on a query without placeholders).
  • Implemented FR #72633 (Postgres PDO lastInsertId() should work without specifying a sequence).
  • Phar:
  • Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile).
  • Fixed bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile).
  • phpdbg:
  • Added generator command for inspection of currently alive generators.
  • Postgres:
  • Fixed bug #73498 (Incorrect SQL generated for pg_copy_to()).
  • Implemented FR #31021 (pg_last_notice() is needed to get all notice messages).
  • Implemented FR #48532 (Allow pg_fetch_all() to index numerically).
  • Readline:
  • Fixed bug #72538 (readline_redisplay crashes php).
  • Reflection:
  • Undo backwards compatiblity break in ReflectionType->__toString() and deprecate via documentation instead.
  • Reverted prepending for class names.
  • Implemented request #38992 (invoke() and invokeArgs() static method calls should match). (cmb).
  • Add ReflectionNamedType::getName(). This method should be used instead of ReflectionType::__toString()
  • Prepend for class names and ? for nullable types returned from ReflectionType::__toString().
  • Fixed bug #72661 (ReflectionType::__toString crashes with iterable).
  • Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).
  • Failure to retrieve a reflection object or retrieve an object property will now throw an instance of Error instead of resulting in a fatal error.
  • Fix #72209 (ReflectionProperty::getValue() doesn't fail if object doesn't match type).
  • Session:
  • Fixed bug #73273 (session_unset() empties values from all variables in which is $_session stored).
  • Fixed bug #73100 (session_destroy null dereference in ps_files_path_create).
  • Fixed bug #68015 (Session does not report invalid uid for files save handler).
  • Fixed bug #72940 (SID always return "name=ID", even if session cookie exist).
  • Implemented session_gc() (Yasuo) http://wiki.php.net/rfc/session-create-id
  • Implemented session_create_id() (Yasuo) http://wiki.php.net/rfc/session-gc
  • Implemented RFC: Session ID without hashing. (Yasuo) http://wiki.php.net/rfc/session-id-without-hashing
  • Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow).
  • Custom session handlers that do not return strings for session IDs will now throw an instance of Error instead of resulting in a fatal error when a function is called that must generate a session ID.
  • An invalid setting for session.hash_function will throw an instance of Error instead of resulting in a fatal error when a session ID is created.
  • Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session Deserialization).
  • Improved fix for bug #68063 (Empty session IDs do still start sessions).
  • Fixed bug #71038 (session_start() returns TRUE on failure). Session save handlers must return 'string' always for successful read. i.e. Non-existing session read must return empty string. PHP 7.0 is made not to tolerate buggy return value.
  • Fixed bug #71394 (session_regenerate_id() must close opened session on errors).
  • SimpleXML:
  • Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()).
  • Fixed bug #72971 (SimpleXML isset/unset do not respect namespace).
  • Fixed bug #72957 (Null coalescing operator doesn't behave as expected with SimpleXMLElement).
  • Fixed bug #72588 (Using global var doesn't work while accessing SimpleXML element).
  • Creating an unnamed or duplicate attribute will throw an instance of Error instead of resulting in a fatal error.
  • SNMP:
  • Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory allocation).
  • Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()).
  • Soap:
  • Fixed bug #73538 (SoapClient::__setSoapHeaders doesn't overwrite SOAP headers).
  • Fixed bug #73452 (Segfault (Regression for #69152)).
  • Fixed bug #73037 (SoapServer reports Bad Request when gzipped).
  • Fixed bug #73237 (Nested object in "any" element overwrites other fields).
  • Fixed bug #69137 (Peer verification fails when using a proxy with SoapClient) (Keith Smiley)
  • Fixed bug #71711 (Soap Server Member variables reference bug).
  • Fixed bug #71996 (Using references in arrays doesn't work like expected).
  • SPL:
  • Fixed bug #73423 (Reproducible crash with GDB backtrace).
  • Fixed bug #72888 (Segfault on clone on splFileObject).
  • Fixed bug #73029 (Missing type check when unserializing SplArray).
  • Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape character).
  • Fixed bug #72684 (AppendIterator segfault with closed generator).
  • Attempting to clone an SplDirectory object will throw an instance of Error instead of resulting in a fatal error.
  • Calling ArrayIterator::append() when iterating over an object will throw an instance of Error instead of resulting in a fatal error.
  • Fixed bug #55701 (GlobIterator throws LogicException).
  • SQLite3:
  • Update to SQLite 3.15.1.
  • Fixed bug #73530 (Unsetting result set may reset other result set).
  • Fixed bug #73333 (2147483647 is fetched as string).
  • Fixed bug #72668 (Spurious warning when exception is thrown in user defined function).
  • Implemented FR #72653 (SQLite should allow opening with empty filename).
  • Fixed bug #70628 (Clearing bindings on an SQLite3 statement doesn't work).
  • Implemented FR #71159 (Upgraded bundled SQLite lib to 3.9.2).
  • Standard:
  • Fixed bug #73297 (HTTP stream wrapper should ignore HTTP 100 Continue).
  • Fixed bug #73303 (Scope not inherited by eval in assert()).
  • Fixed bug #73192 (parse_url return wrong hostname).
  • Fixed bug #73203 (passing additional_parameters causes mail to fail).
  • Fixed bug #73203 (passing additional_parameters causes mail to fail).
  • Fixed bug #72920 (Accessing a private constant using constant() creates an exception AND warning).
  • Fixed bug #65550 (get_browser() incorrectly parses entries with "+" sign).
  • Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory).
  • Fixed bug #55451 (substr_compare NULL length interpreted as 0).
  • Fixed bug #72278 (getimagesize returning FALSE on valid jpg).
  • Fixed bug #61967 (unset array item in array_walk_recursive cause inconsistent array).
  • Fixed bug #62607 (array_walk_recursive move internal pointer).
  • Fixed bug #69068 (Exchanging array during array_walk -> memory errors).
  • Fixed bug #70713 (Use After Free Vulnerability in array_walk()/ array_walk_recursive()).
  • Fixed bug #72622 (array_walk + array_replace_recursive create references from nothing).
  • Fixed bug #72330 (CSV fields incorrectly split if escape char followed by UTF chars).
  • Implemented RFC: More precise float values.
  • array_multisort now uses zend_sort instead zend_qsort.
  • Fixed bug #72505 (readfile() mangles files larger than 2G).
  • assert() will throw a ParseError when evaluating a string given as the first argument if the PHP code is invalid instead of resulting in a catchable fatal error.
  • Calling forward_static_call() outside of a class scope will now throw an instance of Error instead of resulting in a fatal error.
  • Added is_iterable() function.
  • Fixed bug #72306 (Heap overflow through proc_open and $env parameter).
  • Fixed bug #71100 (long2ip() doesn't accept integers in strict mode).
  • Implemented FR #55716 (Add an option to pass a custom stream context to get_headers()).
  • Additional validation for parse_url() for login/pass components).
  • Implemented FR #69359 (Provide a way to fetch the current environment variables).
  • unpack() function accepts an additional optional argument $offset.
  • Implemented #51879 stream context socket option tcp_nodelay (Joe)
  • Streams:
  • Fixed bug #73586 (php_user_filter::$stream is not set to the stream the filter is working on).
  • Fixed bug #72853 (stream_set_blocking doesn't work).
  • Fixed bug #72743 (Out-of-bound read in php_stream_filter_create).
  • Implemented FR #27814 (Multiple small packets send for HTTP request).
  • Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails with IIS FTP 7.5, 8.5).
  • Fixed bug #72810 (Missing SKIP_ONLINE_TESTS checks).
  • Fixed bug #41021 (Problems with the ftps wrapper).
  • Fixed bug #54431 (opendir() does not work with ftps:// wrapper).
  • Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for non-existent directories).
  • Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade attack).
  • Fixed bug #72534 (stream_socket_get_name crashes).
  • Fixed bug #72439 (Stream socket with remote address leads to a segmentation fault).
  • sysvshm:
  • Fixed bug #72858 (shm_attach null dereference).
  • Tidy:
  • Implemented support for libtidy 5.0.0 and above.
  • Creating a tidyNode manually will now throw an instance of Error instead of resulting in a fatal error.
  • Wddx:
  • Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet Deserialization with PDORow).
  • Fixed bug #72142 (WDDX Packet Injection Vulnerability in wddx_serialize_value()).
  • Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas)
  • Fixed bug #72750 (wddx_deserialize null dereference).
  • Fixed bug #72790 (wddx_deserialize null dereference with invalid xml).
  • Fixed bug #72799 (wddx_deserialize null dereference in php_wddx_pop_element).
  • Fixed bug #72860 (wddx_deserialize use-after-free).
  • Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element).
  • Fixed bug #72564 (boolean always deserialized as "true") (Remi)
  • A circular reference when serializing will now throw an instance of Error instead of resulting in a fatal error.
  • XML:
  • Fixed bug #72135 (malformed XML causes fault) (edgarsandi)
  • Fixed bug #72714 (_xml_startElementHandler() segmentation fault).
  • Fixed bug #72085 (SEGV on unknown address zif_xml_parse).
  • XMLRPC:
  • Fixed bug #72647 (xmlrpc_encode() unexpected output after referencing array elements).
  • Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).
  • A circular reference when serializing will now throw an instance of Error instead of resulting in a fatal error.
  • Zip:
  • Fixed bug #68302 (impossible to compile php with zip support).
  • Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd).
  • Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener).
  • ZipArchive::addGlob() will throw an instance of Error instead of resulting in a fatal error if glob support is not available.

New in PHP 7.0.14 RC 1 (November 23rd, 2016)

  • Core:
  • Fixed memory leak(null coalescing operator with Spl hash). (Tyson Andre)
  • Fixded bug #72736 (Slow performance when fetching large dataset with mysqli / PDO). (Dmitry)
  • Calendar:
  • Fix integer overflows (Joshua Rogers)
  • Date:
  • Fixed bug #69587 (DateInterval properties and isset). (jhdxr)
  • DTrace:
  • Disabled PHP call tracing by default (it makes significant overhead). This may be enabled again using envirionment variable USE_ZEND_DTRACE=1. (Dmitry)
  • JSON:
  • Fixed bug #73526 (php_json_encode depth issue). (Jakub Zelenka)
  • Mysqlnd:
  • Fixed bug #64526 (Add missing mysqlnd.* parameters to php.ini-*). (cmb)
  • ODBC:
  • Fixed bug #73448 (odbc_errormsg returns trash, always 513 bytes). (Anatol)
  • Opcache:
  • Fixed bug #69090 (check cached files permissions). (dmitry)
  • Fixed bug #73546 (Logging for opcache has an empty file name). (mhagstrand)
  • PCRE:
  • Fixed bug #73483 (Segmentation fault on pcre_replace_callback). (Laruence)
  • Fixed bug #73392 (A use-after-free in zend allocator management). (Laruence)
  • PDO_Firebird:
  • Fixed bug #73087, #61183, #71494 (Memory corruption in bindParam). (Dorin Marcoci)
  • Postgres:
  • Fixed bug #73498 (Incorrect SQL generated for pg_copy_to()). (Craig Duncan)
  • Soap:
  • Fixed bug #73538 (SoapClient::__setSoapHeaders doesn't overwrite SOAP headers). (duncan3dc)
  • Fixed bug #73452 (Segfault (Regression for #69152)). (Dmitry)
  • SPL:
  • Fixed bug #73423 (Reproducible crash with GDB backtrace). (Laruence)
  • SQLite3:
  • Fixed bug #73530 (Unsetting result set may reset other result set). (cmb)
  • Standard:
  • Fixed bug #73297 (HTTP stream wrapper should ignore HTTP 100 Continue). (rowan dot collins at gmail dot com)
  • XML:
  • Fixed bug #72135 (malformed XML causes fault) (edgarsandi)

New in PHP 7.1.0 RC 6 (November 9th, 2016)

  • Core:
  • Fixded bug #72736 (Slow performance when fetching large dataset with mysqli / PDO). (Dmitry)
  • Date:
  • Fixed bug #73426 (createFromFormat with 'z' format char results in incorrect time). (Derick)
  • JSON:
  • Introduced encoder struct instead of global which fixes bugs #66025 and #73254 related to pretty print indentation. (Jakub Zelenka)
  • ODBC:
  • Fixed bug #73448 (odbc_errormsg returns trash, always 513 bytes). (Anatol)
  • PCRE:
  • Fixed bug #73392 (A use-after-free in zend allocator management). (Laruence)
  • PDO_Firebird:
  • Fixed bug #73087, #61183, #71494 (Memory corruption in bindParam). (Dorin Marcoci)
  • SPL:
  • Fixed bug #73423 (Reproducible crash with GDB backtrace). (Laruence)

New in PHP 7.0.13 (November 8th, 2016)

  • Core:
  • Fixed bug #73350 (Exception::__toString() cause circular references). (Laruence)
  • Fixed bug #73181 (parse_str() without a second argument leads to crash). (Nikita)
  • Fixed bug #66773 (Autoload with Opcache allows importing conflicting class name to namespace). (Nikita)
  • Fixed bug #66862 ((Sub-)Namespaces unexpected behaviour). (Nikita)
  • Fix pthreads detection when cross-compiling (ffontaine)
  • Fixed bug #73337 (try/catch not working with two exceptions inside a same operation). (Dmitry)
  • Fixed bug #73338 (Exception thrown from error handler causes valgrind warnings (and crashes)). (Bob, Dmitry)
  • Fixed bug #73329 ((Float)"Nano" == NAN). (Anatol)
  • GD:
  • Fixed bug #73213 (Integer overflow in imageline() with antialiasing). (cmb)
  • Fixed bug #73272 (imagescale() is not affected by, but affects imagesetinterpolation()). (cmb)
  • Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()). (cmb)
  • Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf). (cmb)
  • Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine overflow). (cmb)
  • Fixed bug #72696 (imagefilltoborder stackoverflow on truecolor images). (cmb)
  • IMAP:
  • Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads to crash). (Anatol)
  • OCI8:
  • Fixed bug #71148 (Bind reference overwritten on PHP 7). (Oracle Corp.)
  • phpdbg:
  • Properly allow for stdin input from a file. (Bob)
  • Add -s command line option / stdin command for reading script from stdin. (Bob)
  • Ignore non-executable opcodes in line mode of phpdbg_end_oplog(). (Bob)
  • Fixed bug #70776 (Simple SIGINT does not have any effect with -rr). (Bob)
  • Fixed bug #71234 (INI files are loaded even invoked as -n --version). (Bob)
  • Session:
  • Fixed bug #73273 (session_unset() empties values from all variables in which is $_session stored). (Nikita)
  • SOAP:
  • Fixed bug #73037 (SoapServer reports Bad Request when gzipped). (Anatol)
  • Fixed bug #73237 (Nested object in "any" element overwrites other fields). (Keith Smiley)
  • Fixed bug #69137 (Peer verification fails when using a proxy with SoapClient) (Keith Smiley)
  • SQLite3:
  • Fixed bug #73333 (2147483647 is fetched as string). (cmb)
  • Standard:
  • Fixed bug #73203 (passing additional_parameters causes mail to fail). (cmb)
  • Fixed bug #71241 (array_replace_recursive sometimes mutates its parameters). (adsr)
  • Wddx:
  • Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet Deserialization with PDORow). (Stas)

New in PHP 7.1.0 RC 5 (October 25th, 2016)

  • Core:
  • Fixed bug #73350 (Exception::__toString() cause circular references). (Laruence)
  • Fixed bug #73329 ((Float)"Nano" == NAN). (Anatol)
  • CLI Server:
  • Fixed bug #73360 (Unable to work in root with unicode chars). (Anatol)
  • SQLite3:
  • Fixed bug #73333 (2147483647 is fetched as string). (cmb)

New in PHP 7.0.13 RC 1 (October 25th, 2016)

  • Core:
  • Fixed bug #73350 (Exception::__toString() cause circular references). (Laruence)
  • Fixed bug #73181 (parse_str() without a second argument leads to crash). (Nikita)
  • Fixed bug #66773 (Autoload with Opcache allows importing conflicting class name to namespace). (Nikita)
  • Fixed bug #66862 ((Sub-)Namespaces unexpected behaviour). (Nikita)
  • Fix pthreads detection when cross-compiling (ffontaine)
  • Fixed bug #73337 (try/catch not working with two exceptions inside a same operation). (Dmitry)
  • Fixed bug #73338 (Exception thrown from error handler causes valgrind warnings (and crashes)). (Bob, Dmitry)
  • Fixed bug #73329 ((Float)"Nano" == NAN). (Anatol)
  • GD:
  • Fixed bug #73213 (Integer overflow in imageline() with antialiasing). (cmb)
  • Fixed bug #73272 (imagescale() is not affected by, but affects imagesetinterpolation()). (cmb)
  • Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()). (cmb)
  • Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf). (cmb)
  • OCI8:
  • Fixed bug #71148 (Bind reference overwritten on PHP 7). (Oracle Corp.)
  • phpdbg:
  • Properly allow for stdin input from a file. (Bob)
  • Add -s command line option / stdin command for reading script from stdin. (Bob)
  • Ignore non-executable opcodes in line mode of phpdbg_end_oplog(). (Bob)
  • Fixed bug #70776 (Simple SIGINT does not have any effect with -rr). (Bob)
  • Fixed bug #71234 (INI files are loaded even invoked as -n --version). (Bob)
  • Session:
  • Fixed bug #73273 (session_unset() empties values from all variables in which is $_session stored). (Nikita)
  • SOAP:
  • Fixed bug #73037 (SoapServer reports Bad Request when gzipped). (Anatol)
  • Fixed bug #73237 (Nested object in "any" element overwrites other fields). (Keith Smiley)
  • Fixed bug #69137 (Peer verification fails when using a proxy with SoapClient) (Keith Smiley)
  • SQLite3:
  • Fixed bug #73333 (2147483647 is fetched as string). (cmb)
  • Standard:
  • Fixed bug #73203 (passing additional_parameters causes mail to fail). (cmb)
  • Fixed bug #71241 (array_replace_recursive sometimes mutates its parameters). (adsr)

New in PHP 7.1.0 RC 4 (October 18th, 2016)

  • Core:
  • Fixed bug #73288 (Segfault in __clone > Exception.toString > __get). (Laruence)
  • Fixed for #73240 (Write out of bounds at number_format). (Stas)
  • BCmath:
  • Fix bug #73190 (memcpy negative parameter _bc_new_num_ex). (Stas)
  • Date:
  • Fixed bug #45554 (Inconsistent behavior of the u format char). (Derick)
  • Fixed bug #48225 (DateTime parser doesn't set microseconds for "now"). (Derick)
  • Fixed bug #52514 (microseconds are missing in DateTime class). (Derick)
  • Fixed bug #52519 (microseconds in DateInterval are missing). (Derick)
  • Fixed bug #60089 (DateTime::createFromFormat() U after u nukes microtime). (Derick)
  • Fixed bug #64887 (Allow DateTime modification with subsecond items). (Derick)
  • Fixed bug #68506 (General DateTime improvments needed for microseconds to become useful). (Derick)
  • Fixed bug #73109 (timelib_meridian doesn't parse dots correctly). (Derick)
  • Fixed bug #73247 (DateTime constructor does not initialise microseconds property). (Derick)
  • Fixed bug #73147 (Use After Free in PHP7 unserialize()). (Stas)
  • Fixed bug #73189 (Memcpy negative size parameter php_resolve_path). (Stas)
  • DOM:
  • Fixed bug #73150 (missing NULL check in dom_document_save_html). (Stas)
  • GD:
  • Fixed bug #73213 (Integer overflow in imageline() with antialiasing). (cmb)
  • Fixed bug #73272 (imagescale() is not affected by, but affects imagesetinterpolation()). (cmb)
  • Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()). (cmb)
  • Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf). (cmb)
  • Intl:
  • Fixed bug #73007 (add locale length check). (Stas)
  • Fixed bug #73218 (add mitigation for ICU int overflow). (Stas)
  • OCI8
  • Fixed bug #71148 (Bind reference overwritten on PHP 7). (Oracle Corp.)
  • OpenSSL:
  • Fixed bug #73276 (crash in openssl_random_pseudo_bytes function). (Stas)
  • Session:
  • Fixed bug #73273 (session_unset() empties values from all variables in which is $_session stored). (Nikita)
  • SOAP:
  • Fixed bug #73037 (SoapServer reports Bad Request when gzipped). (Anatol)
  • Fixed bug #73237 (Nested object in "any" element overwrites other fields). (Keith Smiley)
  • SimpleXML:
  • Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()). (Stas)
  • SQLite3:
  • Updated to SQLite3 3.15.0. (cmb)
  • Standard:
  • Fixed bug #73203 (passing additional_parameters causes mail to fail). (cmb)

New in PHP 7.0.12 (October 14th, 2016)

  • Core:
  • Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb)
  • Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). (Anatol)
  • Fixed bug #73058 (crypt broken when salt is 'too' long). (Anatol)
  • Fixed bug #69579 (Invalid free in extension trait). (John Boehr)
  • Fixed bug #73156 (segfault on undefined function). (Dmitry)
  • Fixed bug #73163 (PHP hangs if error handler throws while accessing undef const in default value). (Nikita)
  • Fixed bug #73172 (parse error: Invalid numeric literal). (Nikita, Anatol)
  • Fixed for #73240 (Write out of bounds at number_format). (Stas)
  • Fixed bug #73147 (Use After Free in PHP7 unserialize()). (Stas)
  • Fixed bug #73189 (Memcpy negative size parameter php_resolve_path). (Stas)
  • BCmath:
  • Fix bug #73190 (memcpy negative parameter _bc_new_num_ex). (Stas)
  • COM:
  • Fixed bug #73126 (Cannot pass parameter 1 by reference). (Anatol)
  • Date:
  • Fixed bug #73091 (Unserializing DateInterval object may lead to __toString invocation). (Stas)
  • DOM:
  • Fixed bug #73150 (missing NULL check in dom_document_save_html). (Stas)
  • Filter:
  • Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE). (julien)
  • Fixed bug #73054 (default option ignored when object passed to int filter). (cmb)
  • GD:
  • Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette). (cmb)
  • Fixed bug #50194 (imagettftext broken on transparent background w/o alphablending). (cmb)
  • Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab, cmb)
  • Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box). (Mark Plomer, cmb)
  • Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given). (cmb)
  • Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb)
  • Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted files). (cmb)
  • Fixed bug #73161 (imagecreatefromgd2() may leak memory). (cmb)
  • Intl:
  • Fixed bug #73218 (add mitigation for ICU int overflow). (Stas)
  • Mbstring:
  • Fixed bug #66797 (mb_substr only takes 32-bit signed integer). (cmb)
  • Fixed bug #66964 (mb_convert_variables() cannot detect recursion) (Yasuo)
  • Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset). (Yasuo)
  • Mysqlnd:
  • Fixed bug #72489 (PHP Crashes When Modifying Array Containing MySQLi Result Data). (Nikita)
  • Opcache:
  • Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp() function). (Laruence)
  • OpenSSL:
  • Fixed bug #73072 (Invalid path SNI_server_certs causes segfault). (Jakub Zelenka)
  • Fixed bug #73276 (crash in openssl_random_pseudo_bytes function). (Stas)
  • Fixed bug #73275 (crash in openssl_encrypt function). (Stas)
  • PCRE:
  • Fixed bug #73121 (Bundled PCRE doesn't compile because JIT isn't supported on s390). (Anatol)
  • Fixed bug #73174 (heap overflow in php_pcre_replace_impl). (Stas)
  • PDO_DBlib:
  • Fixed bug #72414 (Never quote values as raw binary data). (Adam Baratz)
  • Allow PDO::setAttribute() to set query timeouts. (Adam Baratz)
  • Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions. (Adam Baratz)
  • Add common PDO test suite. (Adam Baratz)
  • Free error and message strings when cleaning up PDO instances. (Adam Baratz)
  • Fixed bug #67130 (PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched). (Peter LeBrun)
  • Ignore potentially misleading dberr values. (Chris Kings-Lynne)
  • phpdbg:
  • Fixed bug #72996 (phpdbg_prompt.c undefined reference to DL_LOAD). (Nikita)
  • Fixed next command not stopping when leaving function. (Bob)
  • Session:
  • Fixed bug #68015 (Session does not report invalid uid for files save handler). (Yasuo)
  • Fixed bug #73100 (session_destroy null dereference in ps_files_path_create). (cmb)
  • SimpleXML:
  • Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()). (Stas)
  • SOAP:
  • Fixed bug #71711 (Soap Server Member variables reference bug). (Nikita)
  • Fixed bug #71996 (Using references in arrays doesn't work like expected). (Nikita)
  • SPL:
  • Fixed bug #73257, #73258 (SplObjectStorage unserialize allows use of non-object as key). (Stas)
  • SQLite3:
  • Updated bundled SQLite3 to 3.14.2. (cmb)
  • Zip:
  • Fixed bug #70752 (Depacking with wrong password leaves 0 length files). (cmb)

New in PHP 7.1.0 RC 3 (September 29th, 2016)

  • Core:
  • Fixed bug #73156 (segfault on undefined function). (Dmitry)
  • Fixed bug #73163 (PHP hangs if error handler throws while accessing undef const in default value). (Nikita)
  • Fixed bug #73172 (parse error: Invalid numeric literal). (Nikita, Anatol)
  • Fixed bug #73181 (parse_str() without a second argument leads to crash). (Nikita)
  • COM:
  • Fixed bug #73126 (Cannot pass parameter 1 by reference). (Anatol)
  • Fixed bug #69579 (Invalid free in extension trait). (John Boehr)
  • GD:
  • Fixed bug #50194 (imagettftext broken on transparent background w/o alphablending). (cmb)
  • Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab, cmb)
  • Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box). (Mark Plomer, cmb)
  • Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given). (cmb)
  • Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb)
  • Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted files). (cmb)
  • Fixed bug #73161 (imagecreatefromgd2() may leak memory). (cmb)
  • JSON:
  • Fixed bug #73113 (Segfault with throwing JsonSerializable). (julien)
  • PCRE:
  • Fixed bug #73121 (Bundled PCRE doesn't compile because JIT isn't supported on s390). (Anatol)
  • PDO_DBlib:
  • Fixed bug #72414 (Never quote values as raw binary data). (Adam Baratz)
  • Allow PDO::setAttribute() to set query timeouts. (Adam Baratz)
  • Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions. (Adam Baratz)
  • Add common PDO test suite. (Adam Baratz)
  • Free error and message strings when cleaning up PDO instances. (Adam Baratz)
  • Fixed bug #67130 (PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched). (Peter LeBrun)
  • Ignore potentially misleading dberr values. (Chris Kings-Lynne)
  • phpdbg:
  • Added generator command for inspection of currently alive generators. (Bob)
  • Reflection
  • Undo backwards compatiblity break in ReflectionType->__toString() and deprecate via documentation instead. (Nikita)
  • Session:
  • Fixed bug #73100 (session_destroy null dereference in ps_files_path_create). (cmb)

New in PHP 7.0.12 RC 1 (September 28th, 2016)

  • Core:
  • Fixed bug #73067 (__debugInfo crashes when throwing an exception). (Laruence)
  • Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb)
  • Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). (Anatol)
  • Fixed bug #73058 (crypt broken when salt is 'too' long). (Anatol)
  • Fixed bug #69579 (Invalid free in extension trait). (John Boehr)
  • Fixed bug #73156 (segfault on undefined function). (Dmitry)
  • Fixed bug #73163 (PHP hangs if error handler throws while accessing undef const in default value). (Nikita)
  • Fixed bug #73172 (parse error: Invalid numeric literal). (Nikita, Anatol)
  • COM:
  • Fixed bug #73126 (Cannot pass parameter 1 by reference). (Anatol)
  • Filter:
  • Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE). (julien)
  • Fixed bug #73054 (default option ignored when object passed to int filter). (cmb)
  • GD:
  • Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette). (cmb)
  • Fixed bug #50194 (imagettftext broken on transparent background w/o alphablending). (cmb)
  • Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c). (trylab, cmb)
  • Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box). (Mark Plomer, cmb)
  • Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given). (cmb)
  • Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries). (cmb)
  • Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted files). (cmb)
  • Fixed bug #73161 (imagecreatefromgd2() may leak memory). (cmb)
  • Mbstring:
  • Fixed bug #66797 (mb_substr only takes 32-bit signed integer). (cmb)
  • Fixed bug #66964 (mb_convert_variables() cannot detect recursion) (Yasuo)
  • Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset). (Yasuo)
  • Mysqlnd:
  • Fixed bug #72489 (PHP Crashes When Modifying Array Containing MySQLi Result Data). (Nikita)
  • Opcache:
  • Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp() function). (Laruence)
  • OpenSSL:
  • Fixed bug #73072 (Invalid path SNI_server_certs causes segfault). (Jakub Zelenka)
  • PCRE:
  • Fixed bug #73121 (Bundled PCRE doesn't compile because JIT isn't supported on s390). (Anatol)
  • PDO_DBlib:
  • Fixed bug #72414 (Never quote values as raw binary data). (Adam Baratz)
  • Allow PDO::setAttribute() to set query timeouts. (Adam Baratz)
  • Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions. (Adam Baratz)
  • Add common PDO test suite. (Adam Baratz)
  • Free error and message strings when cleaning up PDO instances. (Adam Baratz)
  • Fixed bug #67130 (PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched). (Peter LeBrun)
  • Ignore potentially misleading dberr values. (Chris Kings-Lynne)
  • phpdbg:
  • Fixed bug #72996 (phpdbg_prompt.c undefined reference to DL_LOAD). (Nikita)
  • Fixed next command not stopping when leaving function. (Bob)
  • Session:
  • Fixed bug #68015 (Session does not report invalid uid for files save handler). (Yasuo)
  • Fixed bug #73100 (session_destroy null dereference in ps_files_path_create). (cmb)
  • SOAP:
  • Fixed bug #71711 (Soap Server Member variables reference bug). (Nikita)
  • Fixed bug #71996 (Using references in arrays doesn't work like expected). (Nikita)
  • SQLite3:
  • Updated bundled SQLite3 to 3.14.2. (cmb)
  • Zip:
  • Fixed bug #70752 (Depacking with wrong password leaves 0 length files). (cmb)

New in PHP 7.1.0 RC 2 (September 14th, 2016)

  • Core:
  • Fixed bug #73067 (__debugInfo crashes when throwing an exception). (Laruence)
  • Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c). (cmb)
  • Fixed bug #73058 (crypt broken when salt is 'too' long). (Anatol)
  • Filter:
  • Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE). (julien)
  • Fixed bug #73054 (default option ignored when object passed to int filter). (cmb)
  • GD:
  • Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette). (cmb)
  • Mbstring:
  • Fixed bug #66964 (mb_convert_variables() cannot detect recursion) (Yasuo)
  • Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset). (Yasuo)
  • Opcache:
  • Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp() function). (Laruence)
  • OpenSSL:
  • Fixed bug #73072 (Invalid path SNI_server_certs causes segfault). (Jakub Zelenka)
  • Session:
  • Fixed bug #68015 (Session does not report invalid uid for files save handler). (Yasuo)
  • SQLite3:
  • Updated to SQLite3 3.14.2. (cmb)

New in PHP 7.0.11 (September 13th, 2016)

  • Core:
  • Fixed bug #72944 (Null pointer deref in zval_delref_p). (Dmitry)
  • Fixed bug #72943 (assign_dim on string doesn't reset hval). (Laruence)
  • Fixed bug #72911 (Memleak in zend_binary_assign_op_obj_helper). (Laruence)
  • Fixed bug #72813 (Segfault with __get returned by ref). (Laruence)
  • Fixed bug #72767 (PHP Segfaults when trying to expand an infinite operator). (Nikita)
  • Fixed bug #72854 (PHP Crashes on duplicate destructor call). (Nikita)
  • Fixed bug #72857 (stream_socket_recvfrom read access violation). (Anatol)
  • COM:
  • Fixed bug #72922 (COM called from PHP does not return out parameters). (Anatol)
  • Dba:
  • Fixed bug #70825 (Cannot fetch multiple values with group in ini file). (cmb)
  • FTP:
  • Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with require_ssl_reuse). (Benedict Singer)
  • GD:
  • Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles). (cmb)
  • Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor images). (cmb)
  • Fixed bug #72913 (imagecopy() loses single-color transparency on palette images). (cmb)
  • Fixed bug #68716 (possible resource leaks in _php_image_convert()). (cmb)
  • iconv:
  • Fixed bug #72320 (iconv_substr returns false for empty strings). (cmb)
  • IMAP:
  • Fixed bug #72852 (imap_mail null dereference). (Anatol)
  • Intl:
  • Fixed bug #65732 (grapheme_*() is not Unicode compliant on CR LF sequence). (cmb)
  • Fixed bug #73007 (add locale length check). (Stas)
  • Mysqlnd:
  • Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields). (Stas)
  • OCI8
  • Fixed invalid handle error with Implicit Result Sets. (Chris Jones)
  • Fixed bug #72524 (Binding null values triggers ORA-24816 error). (Chris Jones)
  • Opcache:
  • Fixed bug #72949 (Typo in opcache error message). (cmb)
  • PDO:
  • Fixed bug #72788 (Invalid memory access when using persistent PDO connection). (Keyur)
  • Fixed bug #72791 (Memory leak in PDO persistent connection handling). (Keyur)
  • Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY returns false). (cmb)
  • PDO_DBlib:
  • Implemented stringify 'uniqueidentifier' fields. (Alexander Zhuravlev, Adam Baratz)
  • PDO_pgsql:
  • Implemented FR #72633 (Postgres PDO lastInsertId() should work without specifying a sequence). (Pablo Santiago Sánchez, Matteo)
  • Fixed bug #72759 (Regression in pgo_pgsql). (Anatol)
  • Phar:
  • Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile). (Stas)
  • Fixed bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile). (Stas)
  • Reflection:
  • Fixed bug #72846 (getConstant for a array constant with constant values returns NULL/NFC/UKNOWN). (Laruence)
  • Session:
  • Fixed bug #72724 (PHP7: session-uploadprogress kills httpd). (Nikita)
  • Fixed bug #72940 (SID always return "name=ID", even if session cookie exist). (Yasuo)
  • SimpleXML:
  • Fixed bug #72971 (SimpleXML isset/unset do not respect namespace). (Nikita)
  • Fixed bug #72957 (Null coalescing operator doesn't behave as expected with SimpleXMLElement). (Nikita)
  • SPL:
  • Fixed bug #73029 (Missing type check when unserializing SplArray). (Stas)
  • Standard:
  • Fixed bug #55451 (substr_compare NULL length interpreted as 0). (Lauri Kenttä)
  • Fixed bug #72278 (getimagesize returning FALSE on valid jpg). (cmb)
  • Fixed bug #65550 (get_browser() incorrectly parses entries with "+" sign). (cmb)
  • Streams:
  • Fixed bug #72853 (stream_set_blocking doesn't work). (Laruence)
  • Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails with IIS FTP 7.5, 8.5). (vhuk)
  • Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory). (cmb)
  • SQLite3:
  • Downgraded bundled SQLite to 3.8.10.2. (Anatol);
  • Sysvshm:
  • Fixed bug #72858 (shm_attach null dereference). (Anatol)
  • XML:
  • Fixed bug #72085 (SEGV on unknown address zif_xml_parse). (cmb)
  • Fixed bug #72714 (_xml_startElementHandler() segmentation fault). (cmb)
  • Wddx:
  • Fixed bug #72860 (wddx_deserialize use-after-free). (Stas)
  • Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element). (Stas)
  • ZIP:
  • Fixed bug #68302 (impossible to compile php with zip support). (cmb)

New in PHP 7.1.0 RC 1 (September 1st, 2016)

  • Core:
  • Fixed bug #72944 (Null pointer deref in zval_delref_p). (Dmitry)
  • Fixed bug #72943 (assign_dim on string doesn't reset hval). (Laruence)
  • Fixed bug #72598 (Reference is lost after array_slice()) (Nikita)
  • Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). (Anatol)
  • Implement ArgumentCountError when passing in too few arguments (Davey)
  • COM:
  • Fixed bug #72922 (COM called from PHP does not return out parameters). (Anatol)
  • Dba:
  • Fixed bug #70825 (Cannot fetch multiple values with group in ini file). (cmb)
  • GD:
  • Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor images). (cmb)
  • Fixed bug #72913 (imagecopy() loses single-color transparency on palette images). (cmb)
  • Fixed bug #68716 (possible resource leaks in _php_image_convert()). (cmb)
  • iconv:
  • Fixed bug #72320 (iconv_substr returns false for empty strings). (cmb)
  • Intl:
  • Fixed bug #65732 (grapheme_*() is not Unicode compliant on CR LF sequence). (cmb)
  • JSON:
  • Implemented earlier return when json_encode fails, fixes bugs #68992 (Stacking exceptions thrown by JsonSerializable) and #70275 (On recursion error, json_encode can eat up all system memory). (Jakub Zelenka)
  • mbstring:
  • Fixed bug #66797 (mb_substr only takes 32-bit signed integer). (cmb)
  • Opcache:
  • Fixed bug #72949 (Typo in opcache error message). (cmb)
  • PDO_DBlib:
  • Implemented stringify 'uniqueidentifier' fields. (Alexander Zhuravlev, Adam Baratz)
  • Reflection:
  • Reverted prepending for class names. (Trowski)
  • Session:
  • Fixed bug #72940 (SID always return "name=ID", even if session cookie exist). (Yasuo)
  • Implemented session_gc() and session_create_id() functions. (Yasuo)
  • SimpleXML:
  • Fixed bug #72971 (SimpleXML isset/unset do not respect namespace). (Nikita)
  • Fixed bug #72957 (Null coalescing operator doesn't behave as expected with SimpleXMLElement). (Nikita)
  • SOAP:
  • Fixed bug #71711 (Soap Server Member variables reference bug). (Nikita)
  • Fixed bug #71996 (Using references in arrays doesn't work like expected). (Nikita)
  • Standard:
  • Fixed bug #72920 (Accessing a private constant using constant() creates an exception AND warning). (Laruence)
  • Fixed bug #65550 (get_browser() incorrectly parses entries with "+" sign). (cmb)
  • Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory). (cmb)
  • XML:
  • Fixed bug #72714 (_xml_startElementHandler() segmentation fault). (cmb)

New in PHP 7.0.11 RC 1 (August 31st, 2016)

  • Core:
  • Fixed bug #72944 (Null pointer deref in zval_delref_p). (Dmitry)
  • Fixed bug #72943 (assign_dim on string doesn't reset hval). (Laruence)
  • Fixed bug #72911 (Memleak in zend_binary_assign_op_obj_helper). (Laruence)
  • Fixed bug #72813 (Segfault with __get returned by ref). (Laruence)
  • Fixed bug #72767 (PHP Segfaults when trying to expand an infinite operator). (Nikita)
  • Fixed bug #72854 (PHP Crashes on duplicate destructor call). (Nikita)
  • Fixed bug #72857 (stream_socket_recvfrom read access violation). (Anatol)
  • Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by password_verify). (Anatol)
  • COM:
  • Fixed bug #72922 (COM called from PHP does not return out parameters). (Anatol)
  • Dba:
  • Fixed bug #70825 (Cannot fetch multiple values with group in ini file). (cmb)
  • FTP:
  • Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with require_ssl_reuse). (Benedict Singer)
  • GD:
  • Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles). (cmb)
  • Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor images). (cmb)
  • Fixed bug #72913 (imagecopy() loses single-color transparency on palette images). (cmb)
  • Fixed bug #68716 (possible resource leaks in _php_image_convert()). (cmb)
  • iconv:
  • Fixed bug #72320 (iconv_substr returns false for empty strings). (cmb)
  • IMAP:
  • Fixed bug #72852 (imap_mail null dereference). (Anatol)
  • Intl:
  • Fixed bug #65732 (grapheme_*() is not Unicode compliant on CR LF sequence). (cmb)
  • OCI8
  • Fixed invalid handle error with Implicit Result Sets. (Chris Jones)
  • Fixed bug #72524 (Binding null values triggers ORA-24816 error). (Chris Jones)
  • Opcache:
  • Fixed bug #72949 (Typo in opcache error message). (cmb)
  • PDO:
  • Fixed bug #72788 (Invalid memory access when using persistent PDO connection). (Keyur)
  • Fixed bug #72791 (Memory leak in PDO persistent connection handling). (Keyur)
  • Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY returns false). (cmb)
  • PDO_DBlib:
  • Implemented stringify 'uniqueidentifier' fields. (Alexander Zhuravlev, Adam Baratz)
  • PDO_pgsql:
  • Implemented FR #72633 (Postgres PDO lastInsertId() should work without specifying a sequence). (Pablo Santiago Sánchez, Matteo)
  • Fixed bug #72759 (Regression in pgo_pgsql). (Anatol)
  • Reflection:
  • Fixed bug #72846 (getConstant for a array constant with constant values returns NULL/NFC/UKNOWN). (Laruence)
  • Session:
  • Fixed bug #72724 (PHP7: session-uploadprogress kills httpd). (Nikita)
  • Fixed bug #72940 (SID always return "name=ID", even if session cookie exist). (Yasuo)
  • SimpleXML:
  • Fixed bug #72971 (SimpleXML isset/unset do not respect namespace). (Nikita)
  • Fixed bug #72957 (Null coalescing operator doesn't behave as expected with SimpleXMLElement). (Nikita)
  • Standard:
  • Fixed bug #55451 (substr_compare NULL length interpreted as 0). (Lauri Kenttä)
  • Fixed bug #72278 (getimagesize returning FALSE on valid jpg). (cmb)
  • Fixed bug #65550 (get_browser() incorrectly parses entries with "+" sign). (cmb)
  • Streams:
  • Fixed bug #72853 (stream_set_blocking doesn't work). (Laruence)
  • Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails with IIS FTP 7.5, 8.5). (vhuk)
  • Sysvshm:
  • Fixed bug #72858 (shm_attach null dereference). (Anatol)
  • XML:
  • Fixed bug #72085 (SEGV on unknown address zif_xml_parse). (cmb)
  • Fixed bug #72714 (_xml_startElementHandler() segmentation fault). (cmb)
  • ZIP:
  • Fixed bug #68302 (impossible to compile php with zip support). (cmb)

New in PHP 7.1.0 Beta 3 (August 19th, 2016)

  • Core:
  • Fixed bug #72813 (Segfault with __get returned by ref). (Laruence)
  • Fixed bug #72767 (PHP Segfaults when trying to expand an infinite operator). (Nikita)
  • TypeError messages for arg_info type checks will now say "must be ... or null" where the parameter or return type accepts null. (Andrea)
  • Fixed bug #72857 (stream_socket_recvfrom read access violation). (Anatol)
  • Fixed bug #72663 (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization). (Stas)
  • Fixed bug #72681 (PHP Session Data Injection Vulnerability). (Stas)
  • Fixed bug #72742 (memory allocator fails to realloc small block to large one). (Stas)
  • Bz2:
  • Fixed bug #72837 (integer overflow in bzdecompress caused heap corruption). (Stas)
  • Curl
  • Fixed bug #72674 (Heap overflow in curl_escape). (Stas)
  • EXIF:
  • Fixed bug #72735 (Samsung picture thumb not read (zero size)). (Kalle, Remi)
  • Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (Stas)
  • FTP:
  • Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with require_ssl_reuse). (Benedict Singer)
  • mbstring:
  • Fixed bug #72711 (`mb_ereg` does not clear the `$regs` parameter on failure). (ju1ius)
  • Mcrypt:
  • Fixed bug #72782 (Heap Overflow due to integer overflows). (Stas)
  • OCI8
  • Fixed invalid handle error with Implicit Result Sets. (Chris Jones)
  • Fixed bug #72524 (Binding null values triggers ORA-24816 error). (Chris Jones)
  • Opcache:
  • Fixed bug #72762 (Infinite loop while parsing a file with opcache enabled). (Nikita)
  • PDO:
  • Fixed bug #72788 (Invalid memory access when using persistent PDO connection). (Keyur)
  • Fixed bug #72791 (Memory leak in PDO persistent connection handling). (Keyur)
  • Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY returns false). (cmb)
  • Reflection:
  • Implemented request #38992 (invoke() and invokeArgs() static method calls should match). (cmb).
  • Add ReflectionNamedType::getName() and return leading "?" for nullable types from ReflectionType::__toString(). (Trowski)
  • Session:
  • Implemented RFC: Session ID without hashing. (Yasuo) http://wiki.php.net/rfc/session-id-without-hashing
  • SPL:
  • Fixed bug #72888 (Segfault on clone on splFileObject). (Laruence)
  • SQLite3:
  • Updated to SQLite3 3.14.0. (cmb)
  • Standard:
  • Fixed bug #55451 (substr_compare NULL length interpreted as 0). (Lauri Kenttä)
  • Fixed bug #72278 (getimagesize returning FALSE on valid jpg). (cmb)
  • Stream:
  • Fixed bug #72853 (stream_set_blocking doesn't work). (Laruence)
  • Fixed bug #72743 (Out-of-bound read in php_stream_filter_create). (Loianhtuan)
  • Implemented FR #27814 (Multiple small packets send for HTTP request). (vhuk)
  • Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails with IIS FTP 7.5, 8.5). (vhuk)
  • Fixed bug #72810 (Missing SKIP_ONLINE_TESTS checks). (vhuk)
  • sysvshm:
  • Fixed bug #72858 (shm_attach null dereference). (Anatol)
  • XML:
  • Fixed bug #72085 (SEGV on unknown address zif_xml_parse). (cmb)
  • ZIP:
  • Fixed bug #68302 (impossible to compile php with zip support). (cmb)

New in PHP 7.0.10 (August 19th, 2016)

  • Core:
  • Fixed bug #72629 (Caught exception assignment to variables ignores references).
  • Fixed bug #72594 (Calling an earlier instance of an included anonymous class fatals).
  • Fixed bug #72581 (previous property undefined in Exception after deserialization).
  • Fixed bug #72496 (Cannot declare public method with signature incompatible with parent private method).
  • Fixed bug #72024 (microtime() leaks memory).
  • Fixed bug #71911 (Unable to set --enable-debug on building extensions by phpize on Windows).
  • Fixed bug causing ClosedGeneratorException being thrown into the calling code instead of the Generator yielding from.
  • Implemented FR #72614 (Support "nmake test" on building extensions by phpize).
  • Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).
  • Fixed potential segfault in object storage freeing in shutdown sequence.
  • Fixed bug #72663 (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization).
  • Fixed bug #72681 (PHP Session Data Injection Vulnerability).
  • Fixed bug #72683 (getmxrr broken).
  • Fixed bug #72742 (memory allocator fails to realloc small block to large one).
  • Bz2:
  • Fixed bug #72837 (integer overflow in bzdecompress caused heap corruption).
  • Calendar:
  • Fixed bug #67976 (cal_days_month() fails for final month of the French calendar).
  • Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in zif_cal_from_jd).
  • COM:
  • Fixed bug #72569 (DOTNET/COM array parameters broke in PHP7).
  • CURL:
  • Fixed bug #71709 (curl_setopt segfault with empty CURLOPT_HTTPHEADER).
  • Fixed bug #71929 (CURLINFO_CERTINFO data parsing error).
  • Fixed bug #72674 (Heap overflow in curl_escape).
  • DOM:
  • Fixed bug #66502 (DOM document dangling reference).
  • EXIF:
  • Fixed bug #72735 (Samsung picture thumb not read (zero size)).
  • Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF).
  • Filter:
  • Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range).
  • FPM:
  • Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).
  • GD:
  • Fixed bug #72596 (imagetypes function won't advertise WEBP support).
  • Fixed bug #72604 (imagearc() ignores thickness for full arcs).
  • Fixed bug #70315 (500 Server Error but page is fully rendered).
  • Fixed bug #43828 (broken transparency of imagearc for truecolor in blendingmode).
  • Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c).
  • Fixed bug #68712 (suspicious if-else statements).
  • Fixed bug #72697 (select_colors write out-of-bounds).
  • Fixed bug #72730 (imagegammacorrect allows arbitrary write access).
  • Intl:
  • Fixed bug #72639 (Segfault when instantiating class that extends IntlCalendar and adds a property).
  • Partially fixed Fixed bug #72506 (idn_to_ascii for UTS #46 incorrect for long domain names).
  • mbstring:
  • Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width).
  • Fixed bug #72693 (mb_ereg_search increments search position when a match zero-width).
  • Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last position).
  • Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).
  • Mcrypt:
  • Fixed bug #72782 (Heap Overflow due to integer overflows).
  • Opcache:
  • Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
  • PCRE:
  • Fixed bug #72688 (preg_match missing group names in matches).
  • PDO_pgsql:
  • Fixed bug #70313 (PDO statement fails to throw exception).
  • Reflection:
  • Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).
  • SimpleXML:
  • Fixed bug #72588 (Using global var doesn't work while accessing SimpleXML element).
  • SNMP:
  • Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory allocation).
  • SPL:
  • Fixed bug #55701 (GlobIterator throws LogicException).
  • Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape character).
  • Fixed bug #72684 (AppendIterator segfault with closed generator).
  • SQLite3:
  • Fixed bug #72668 (Spurious warning when exception is thrown in user defined function).
  • Fixed bug #72571 (SQLite3::bindValue, SQLite3::bindParam crash).
  • Implemented FR #72653 (SQLite should allow opening with empty filename).
  • Updated to SQLite3 3.13.0.
  • Standard:
  • Fixed bug #72622 (array_walk + array_replace_recursive create references from nothing).
  • Fixed bug #72152 (base64_decode $strict fails to detect null byte).
  • Fixed bug #72263 (base64_decode skips a character after padding in strict mode).
  • Fixed bug #72264 (base64_decode $strict fails with whitespace between padding).
  • Fixed bug #72330 (CSV fields incorrectly split if escape char followed by UTF chars).
  • Streams:
  • Fixed bug #41021 (Problems with the ftps wrapper).
  • Fixed bug #54431 (opendir() does not work with ftps:// wrapper).
  • Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for non-existent directories).
  • Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade attack).
  • XMLRPC:
  • Fixed bug #72647 (xmlrpc_encode() unexpected output after referencing array elements).
  • Wddx:
  • Fixed bug #72564 (boolean always deserialized as "true") (Remi)
  • Fixed bug #72142 (WDDX Packet Injection Vulnerability in wddx_serialize_value()).
  • Fixed bug #72749 (wddx_deserialize allows illegal memory access) (Stas)
  • Fixed bug #72750 (wddx_deserialize null dereference).
  • Fixed bug #72790 (wddx_deserialize null dereference with invalid xml).
  • Fixed bug #72799 (wddx_deserialize null dereference in php_wddx_pop_element).
  • Zip:
  • Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd).

New in PHP 7.1.0 Beta 2 (August 3rd, 2016)

  • Core:
  • Implemented FR #72614 (Support "nmake test" on building extensions by phpize). (Yuji Uchiyama)
  • Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX). (Yuji Uchiyama)
  • Fixed bug #72683 (getmxrr broken). (Anatol)
  • Calendar:
  • Fixed bug #67976 (cal_days_month() fails for final month of the French calendar). (cmb)
  • Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in zif_cal_from_jd). (cmb)
  • CURL:
  • Fixed bug #71709 (curl_setopt segfault with empty CURLOPT_HTTPHEADER). (Pierrick)
  • Fixed bug #71929 (CURLINFO_CERTINFO data parsing error). (Pierrick)
  • Intl:
  • Fixed bug #72639 (Segfault when instantiating class that extends IntlCalendar and adds a property). (Laruence)
  • Fixed bug #72658 (Locale::lookup() / locale_lookup() hangs if no match found). (Anatol)
  • GD:
  • Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles). (cmb)
  • mbstring:
  • Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width). (cmb)
  • Fixed bug #72693 (mb_ereg_search increments search position when a match zero-width). (cmb)
  • Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last position). (cmb)
  • Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error). (ju1ius)
  • Mysqlnd:
  • Fixed bug #71863 (Segfault when EXPLAIN with "Unknown column" error when using MariaDB). (Andrey)
  • Fixed bug #72701 (mysqli_get_host_info() wrong output). (Anatol)
  • PCRE:
  • Fixed bug #72688 (preg_match missing group names in matches). (cmb)
  • Downgraded to PCRE 8.38. (Anatol)
  • Reflection:
  • Fixed bug #72661 (ReflectionType::__toString crashes with iterable). (Laruence)
  • SPL:
  • Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape character). (cmb)
  • Fixed bug #72684 (AppendIterator segfault with closed generator). (Pierrick)
  • SQLite3:
  • Fixed bug #72668 (Spurious warning when exception is thrown in user defined function). (Laruence)
  • Implemented FR #72653 (SQLite should allow opening with empty filename). (cmb)
  • Standard:
  • Fixed bug #61967 (unset array item in array_walk_recursive cause inconsistent array). (Nikita)
  • Fixed bug #62607 (array_walk_recursive move internal pointer). (Nikita)
  • Fixed bug #69068 (Exchanging array during array_walk -> memory errors). (Nikita)
  • Fixed bug #70713 (Use After Free Vulnerability in array_walk()/ array_walk_recursive()). (Nikita)
  • Streams:
  • Fixed bug #41021 (Problems with the ftps wrapper). (vhuk)
  • Fixed bug #54431 (opendir() does not work with ftps:// wrapper). (vhuk)
  • Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for non-existent directories). (vhuk)
  • Wddx:
  • Fixed bug #72142 (WDDX Packet Injection Vulnerability in wddx_serialize_value()). (Taoguang Chen)
  • XMLRPC:
  • Fixed bug #72647 (xmlrpc_encode() unexpected output after referencing array elements). (Laruence)
  • Zip:
  • Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd). (Laruence)

New in PHP 7.0.10 RC 1 (August 2nd, 2016)

  • Core:
  • Fixed bug #72629 (Caught exception assignment to variables ignores references). (Laruence)
  • Fixed bug #72594 (Calling an earlier instance of an included anonymous class fatals). (Laruence)
  • Fixed bug #72581 (previous property undefined in Exception after deserialization). (Laruence)
  • Fixed bug #72496 (Cannot declare public method with signature incompatible with parent private method). (Pedro Magalhães)
  • Fixed bug #72024 (microtime() leaks memory). (maroszek at gmx dot net)
  • Fixed bug #71911 (Unable to set --enable-debug on building extensions by phpize on Windows). (Yuji Uchiyama)
  • Fixed bug causing ClosedGeneratorException being thrown into the calling code instead of the Generator yielding from. (Bob)
  • Implemented FR #72614 (Support "nmake test" on building extensions by phpize). (Yuji Uchiyama)
  • Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX). (Yuji Uchiyama)
  • Fixed potential segfault in object storage freeing in shutdown sequence. (Bob)
  • Fixed bug #72683 (getmxrr broken). (Anatol)
  • Calendar:
  • Fixed bug #67976 (cal_days_month() fails for final month of the French calendar). (cmb)
  • Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in zif_cal_from_jd). (cmb)
  • COM:
  • Fixed bug #72569 (DOTNET/COM array parameters broke in PHP7). (Anatol)
  • CURL:
  • Fixed bug #71709 (curl_setopt segfault with empty CURLOPT_HTTPHEADER). (Pierrick)
  • Fixed bug #71929 (CURLINFO_CERTINFO data parsing error). (Pierrick)
  • DOM:
  • Fixed bug #66502 (DOM document dangling reference). (Sean Heelan, cmb)
  • Filter:
  • Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range). (bugs dot php dot net at majkl578 dot cz)
  • FPM:
  • Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user). (gooh)
  • GD:
  • Fixed bug #72596 (imagetypes function won't advertise WEBP support). (cmb)
  • Fixed bug #72604 (imagearc() ignores thickness for full arcs). (cmb)
  • Fixed bug #70315 (500 Server Error but page is fully rendered). (cmb)
  • Fixed bug #43828 (broken transparency of imagearc for truecolor in blendingmode). (cmb)
  • Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c). (cmb)
  • Fixed bug #68712 (suspicious if-else statements). (cmb)
  • Intl:
  • Fixed bug #72639 (Segfault when instantiating class that extends IntlCalendar and adds a property). (Laruence)
  • Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain names). (cmb)
  • mbstring:
  • Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width). (cmb)
  • Fixed bug #72693 (mb_ereg_search increments search position when a match zero-width). (cmb)
  • Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last position). (cmb)
  • Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error). (ju1ius)
  • Opcache:
  • Fixed bug #72590 (Opcache restart with kill_all_lockers does not work). (Keyur)
  • PCRE:
  • Fixed bug #72688 (preg_match missing group names in matches). (cmb)
  • PDO_pgsql:
  • Fixed bug #70313 (PDO statement fails to throw exception). (Matteo)
  • Implemented FR #72633 (Postgres PDO lastInsertId() should work without specifying a sequence). (Pablo Santiago Sánchez)
  • Reflection:
  • Fixed bug #72222 (ReflectionClass::export doesn't handle array constants). (Nikita Nefedov)
  • SimpleXML:
  • Fixed bug #72588 (Using global var doesn't work while accessing SimpleXML element). (Laruence)
  • SPL:
  • Fixed bug #55701 (GlobIterator throws LogicException). (Valentin VĂLCIU)
  • Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape character). (cmb)
  • Fixed bug #72684 (AppendIterator segfault with closed generator). (Pierrick)
  • SQLite3:
  • Fixed bug #72668 (Spurious warning when exception is thrown in user defined function). (Laruence)
  • Fixed bug #72571 (SQLite3::bindValue, SQLite3::bindParam crash). (Laruence)
  • Implemented FR #72653 (SQLite should allow opening with empty filename). (cmb)
  • Updated to SQLite3 3.13.0. (cmb)
  • Standard:
  • Fixed bug #72622 (array_walk + array_replace_recursive create references from nothing). (Laruence)
  • Fixed bug #72152 (base64_decode $strict fails to detect null byte). (Lauri Kenttä)
  • Fixed bug #72263 (base64_decode skips a character after padding in strict mode). (Lauri Kenttä)
  • Fixed bug #72264 (base64_decode $strict fails with whitespace between padding). (Lauri Kenttä)
  • Fixed bug #72330 (CSV fields incorrectly split if escape char followed by UTF chars). (cmb)
  • Streams:
  • Fixed bug #41021 (Problems with the ftps wrapper). (vhuk)
  • Fixed bug #54431 (opendir() does not work with ftps:// wrapper). (vhuk)
  • Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for non-existent directories). (vhuk)
  • XMLRPC:
  • Fixed bug #72647 (xmlrpc_encode() unexpected output after referencing array elements). (Laruence)
  • Wddx:
  • Fixed bug #72564 (boolean always deserialized as "true") (Remi)
  • Fixed bug #72142 (WDDX Packet Injection Vulnerability in wddx_serialize_value()). (Taoguang Chen)
  • Zip:
  • Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd). (Laruence)

New in PHP 7.1.0 Beta 1 (July 21st, 2016)

  • Builds on previous releases with:
  • Asynchronous Signal Handling (without ticks) in ext/pcntl.
  • Additional Context in pcntl_signal Handler

New in PHP 7.0.9 (July 19th, 2016)

  • Core:
  • Fixed bug #72508 (strange references after recursive function call and "switch" statement). (Laruence)
  • Fixed bug #72513 (Stack-based buffer overflow vulnerability in virtual_file_ex). (Stas)
  • Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications). (Stas)
  • bz2:
  • Fixed bug #72613 (Inadequate error handling in bzread()). (Stas)
  • CLI:
  • Fixed bug #72484 (SCRIPT_FILENAME shows wrong path if the user specify router.php). (Laruence)
  • COM:
  • Fixed bug #72498 (variant_date_from_timestamp null dereference). (Anatol)
  • Curl:
  • Fixed bug #72541 (size_t overflow lead to heap corruption). (Stas)
  • Exif:
  • Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE). (Stas)
  • Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment). (Stas)
  • GD:
  • Fixed bug #43475 (Thick styled lines have scrambled patterns). (cmb)
  • Fixed bug #53640 (XBM images require width to be multiple of 8). (cmb)
  • Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line). (cmb)
  • Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access). (Pierre)
  • Fixed bug #72519 (imagegif/output out-of-bounds access). (Pierre)
  • Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()). (Pierre)
  • Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine overflow). (Pierre)
  • Fixed bug #72494 (imagecropauto out-of-bounds access). (Pierre)
  • Intl:
  • Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (Stas)
  • Mbstring:
  • Fixed bug #72405 (mb_ereg_replace mbc_to_code (oniguruma) oob read access). (Laruence)
  • Fixed bug #72399 (Use-After-Free in MBString (search_re)). (Laruence)
  • mcrypt:
  • Fixed bug #72551, bug #72552 (In correct casting from size_t to int lead to heap overflow in mdecrypt_generic). (Stas)
  • PDO_pgsql:
  • Fixed bug #72570 (Segmentation fault when binding parameters on a query without placeholders). (Matteo)
  • PCRE:
  • Fixed bug #72476 (Memleak in jit_stack). (Laruence)
  • Fixed bug #72463 (mail fails with invalid argument). (Anatol)
  • Readline:
  • Fixed bug #72538 (readline_redisplay crashes php). (Laruence)
  • Standard:
  • Fixed bug #72505 (readfile() mangles files larger than 2G). (Cschneid)
  • Fixed bug #72306 (Heap overflow through proc_open and $env parameter). (Laruence)
  • Session:
  • Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow). (Laruence)
  • Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session Deserialization). (Stas)
  • SNMP:
  • Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()). (Stas)
  • Streams:
  • Fixed bug #72439 (Stream socket with remote address leads to a segmentation fault). (Laruence)
  • XMLRPC:
  • Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c). (Stas)
  • Zip:
  • Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener). (Stas)

New in PHP 7.0.9 RC 1 (July 6th, 2016)

  • Core:
  • Fixed bug #72508 (strange references after recursive function call and "switch" statement). (Laruence)
  • CLI:
  • Fixed bug #72484 (SCRIPT_FILENAME shows wrong path if the user specify router.php). (Laruence)
  • COM:
  • Fixed bug #72498 (variant_date_from_timestamp null dereference). (Anatol)
  • GD:
  • Fixed bug #43475 (Thick styled lines have scrambled patterns). (cmb)
  • Fixed bug #53640 (XBM images require width to be multiple of 8). (cmb)
  • Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line). (cmb)
  • Mbstring:
  • Fixed bug #72405 (mb_ereg_replace mbc_to_code (oniguruma) oob read access). (Laruence)
  • Fixed bug #72399 (Use-After-Free in MBString (search_re)). (Laruence)
  • PCRE:
  • Fixed bug #72476 (Memleak in jit_stack). (Laruence)
  • Fixed bug #72463 (mail fails with invalid argument). (Anatol)
  • Readline:
  • Fixed bug #72538 (readline_redisplay crashes php). (Laruence)
  • Standard:
  • Fixed bug #72505 (readfile() mangles files larger than 2G). (Cschneid)
  • Fixed bug #72306 (Heap overflow through proc_open and $env parameter). (Laruence)
  • Session:
  • Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow). (Laruence)
  • Streams:
  • Fixed bug #72439 (Stream socket with remote address leads to a segmentation fault). (Laruence)

New in PHP 7.1.0 Alpha 3 (July 6th, 2016)

  • Core:
  • Implemented RFC: Iterable. (Aaron Piotrowski)
  • Fixed bug #72523 (dtrace issue with reflection (failed test)). (Laruence)
  • Fixed bug #72508 (strange references after recursive function call and "switch" statement). (Laruence)
  • Implemented RFC: Closure::fromCallable (Danack)
  • COM:
  • Fixed bug #72498 (variant_date_from_timestamp null dereference). (Anatol)
  • CURL:
  • Add curl_multi_errno(), curl_share_errno() and curl_share_strerror()
  • functions. (Pierrick)
  • Add support for HTTP/2 Server Push (davey)
  • Date:
  • Invalid serialization data for a DateTime or DatePeriod object will now throw an instance of Error from __wakeup() or __set_state() instead of resulting in a fatal error. (Aaron Piotrowski)
  • Timezone initialization failure from serialized data will now throw an instance of Error from __wakeup() or __set_state() instead of resulting in a fatal error. (Aaron Piotrowski)
  • Export date_get_interface_ce() for extension use. (Jeremy Mikola)
  • DOM:
  • Invalid schema or RelaxNG validation contexts will throw an instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)
  • Attempting to register a node class that does not extend the appropriate base class will now throw an instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)
  • Attempting to read an invalid or write to a readonly property will throw an instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)
  • GD:
  • Fixed bug #72404 (imagecreatefromjpeg fails on selfie). (cmb)
  • IMAP:
  • An email address longer than 16385 bytes will throw an instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)
  • Intl:
  • Failure to call the parent constructor in a class extending Collator before invoking the parent methods will throw an instance of Error instead of resulting in a recoverable fatal error. (Aaron Piotrowski)
  • Cloning a Transliterator object may will now throw an instance of Error instead of resulting in a fatal error if cloning the internal transliterator fails. (Aaron Piotrowski)
  • LDAP:
  • Providing an unknown modification type to ldap_batch_modify() will now throw an instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)
  • Mbstring:
  • mb_ereg() and mb_eregi() will now throw an instance of ParseError if an invalid PHP expression is provided and the 'e' option is used. (Aaron Piotrowski)
  • Mcrypt:
  • mcrypt_encrypt() and mcrypt_decrypt() will throw an instance of Error instead of resulting in a fatal error if mcrypt cannot be initialized. (Aaron Piotrowski)
  • Mysqli:
  • Attempting to read an invalid or write to a readonly property will throw an instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)
  • OpenSSL:
  • Implemented FR #61204 (Add elliptic curve support for OpenSSL). (Dominic Luechinger)
  • PCRE:
  • Fixed bug #72476 (Memleak in jit_stack). (Laruence)
  • Fixed bug #72463 (mail fails with invalid argument). (Anatol)
  • Readline:
  • Fixed bug #72538 (readline_redisplay crashes php). (Laruence)
  • Reflection:
  • Failure to retrieve a reflection object or retrieve an object property will now throw an instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)
  • SQLite3:
  • Fixed bug #70628 (Clearing bindings on an SQLite3 statement doesn't work). (cmb)
  • Session:
  • Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow). (Laruence)
  • Custom session handlers that do not return strings for session IDs will now throw an instance of Error instead of resulting in a fatal error when a function is called that must generate a session ID. (Aaron Piotrowski)
  • An invalid setting for session.hash_function will throw an instance of Error instead of resulting in a fatal error when a session ID is created. (Aaron Piotrowski)
  • SimpleXML:
  • Creating an unnamed or duplicate attribute will throw an instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)
  • SPL:
  • Attempting to clone an SplDirectory object will throw an instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)
  • Calling ArrayIterator::append() when iterating over an object will throw an instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)
  • Fixed bug #55701 (GlobIterator throws LogicException). (Valentin VĂLCIU)
  • Standard:
  • Implemented RFC: More precise float values. (Jakub Zelenka, Yasuo)
  • array_multisort now uses zend_sort instead zend_qsort. (Laruence)
  • Fixed bug #72505 (readfile() mangles files larger than 2G). (Cschneid)
  • assert() will throw a ParseError when evaluating a string given as the first argument if the PHP code is invalid instead of resulting in a catchable fatal error. (Aaron Piotrowski)
  • Calling forward_static_call() outside of a class scope will now throw an instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)
  • Streams:
  • Fixed bug #72534 (stream_socket_get_name crashes). (Anatol)
  • Tidy:
  • Creating a tidyNode manually will now throw an instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)
  • WDDX:
  • A circular reference when serializing will now throw an instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)
  • XML-RPC:
  • A circular reference when serializing will now throw an instance of Error instead of resulting in a fatal error. (Aaron Piotrowski)
  • Zip:
  • ZipArchive::addGlob() will throw an instance of Error instead of resulting in a fatal error if glob support is not available. (Aaron Piotrowski)

New in PHP 7.1.0 Alpha 2 (June 22nd, 2016)

  • Core:
  • Implemented RFC: Replace "Missing argument" warning with "Too few arguments" exception. (Dmitry)
  • Implemented RFC: Fix inconsistent behavior of $this variable. (Dmitry)
  • Fixed bug #72441 (Segmentation fault: RFC list_keys). (Laruence)
  • Fixed bug #72395 (list() regression). (Laruence)
  • Fixed bug #72373 (TypeError after Generator function w/declared return type finishes). (Nikita)
  • Fixed bug #69489 (tempnam() should raise notice if falling back to temp dir). (Laruence, Anatol)
  • Fixed UTF-8 and long path support on Windows. (Anatol)
  • Fixed bug #72268 (Integer Overflow in nl2br()). (Stas)
  • Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/ json_utf8_to_utf16()). (Stas)
  • Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas)
  • Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)
  • GD:
  • Fixed bug #43475 (Thick styled lines have scrambled patterns). (cmb)
  • Fixed bug #53640 (XBM images require width to be multiple of 8). (cmb)
  • Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line). (cmb)
  • Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
  • Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre)
  • Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
  • JSON
  • Implemented FR #46600 ("_empty_" key in objects). (Jakub Zelenka)
  • Mbstring:
  • Fixed bug #72405 (mb_ereg_replace mbc_to_code (oniguruma) oob read access). (Laruence)
  • Fixed bug #72399 (Use-After-Free in MBString (search_re)). (Laruence)
  • Fixed bug #72402 (_php_mb_regex_ereg_replace_exec double free). (Stas)
  • mcrypt:
  • Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)
  • OpenSSL:
  • Implemented FR #67304 (Added AEAD support [CCM and GCM modes] to openssl_encrypt and openssl_decrypt). (Jakub Zelenka)
  • Implemented error storing to the global queue and cleaning up the OpenSSL error queue (resolves bugs #68276 and #69882). (Jakub Zelenka)
  • PCRE:
  • Upgraded to PCRE 8.39. (Anatol)
  • SPL:
  • Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
  • Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry)
  • Sqlite3:
  • Implemented FR #72385 (Update SQLite bundle lib(3.13.0)). (Laruence)
  • Standard:
  • Fixed bug #72306 (Heap overflow through proc_open and $env parameter). (Laruence)
  • Streams:
  • Fixed bug #72439 (Stream socket with remote address leads to a segmentation fault). (Laruence)
  • WDDX:
  • Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)
  • zip:
  • Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry)

New in PHP 7.0.8 (June 21st, 2016)

  • Core:
  • Fixed bug #72218 (If host name cannot be resolved then PHP 7 crashes). (Esminis at esminis dot lt)
  • Fixed bug #72221 (segfault, past-the-end access). (Lauri Kenttä)
  • Fixed bug #72268 (Integer Overflow in nl2br()). (Stas)
  • Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/ json_utf8_to_utf16()). (Stas)
  • Fixed bug #72400 (Integer Overflow in addcslashes/addslashes). (Stas)
  • Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL). (Stas)
  • FPM:
  • Fixed bug #72308 (fastcgi_finish_request and logging environment variables). (Laruence)
  • GD:
  • Fixed bug #72298 (pass2_no_dither out-of-bounds access). (Stas)
  • Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre)
  • Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (Pierre)
  • Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert). (Stas)
  • Intl:
  • Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol)
  • mbstring:
  • Fixed bug #72402 (_php_mb_regex_ereg_replace_exec double free). (Stas)
  • mcrypt:
  • Fixed bug #72455 (Heap Overflow due to integer overflows). (Stas)
  • PCRE:
  • Fixed bug #72143 (preg_replace uses int instead of size_t). (Joe)
  • PDO_pgsql:
  • Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound). (Laruence)
  • Fixed bug #72294 (Segmentation fault/invalid pointer in connection with pgsql_stmt_dtor). (Anatol)
  • Phpdbg:
  • Fixed bug #72284 (phpdbg fatal errors with coverage). (Bob)
  • Postgres:
  • Fixed bug #72195 (pg_pconnect/pg_connect cause use-after-free). (Laruence)
  • Fixed bug #72197 (pg_lo_create arbitrary read). (Anatol)
  • SPL:
  • Fixed bug #72262 (int/size_t confusion in SplFileObject::fread). (Stas)
  • Fixed bug #72433 (Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry)
  • Standard:
  • Fixed bug #72017 (range() with float step produces unexpected result). (Thomas Punt)
  • Fixed bug #72193 (dns_get_record returns array containing elements of type 'unknown'). (Laruence)
  • Fixed bug #72229 (Wrong reference when serialize/unserialize an object). (Laruence)
  • Fixed bug #72300 (ignore_user_abort(false) has no effect). (Laruence)
  • XML:
  • Fixed bug #72206 (xml_parser_create/xml_parser_free leaks mem). (Joe)
  • XMLRPC:
  • Fixed bug #72155 (use-after-free caused by get_zval_xmlrpc_type). (Joe, Laruence)
  • WDDX:
  • Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (Stas)
  • Zip:
  • Fixed ug #72258 (ZipArchive converts filenames to unrecoverable form). (Anatol)
  • Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (Dmitry)

New in PHP 7.1.0 Alpha 1 (June 8th, 2016)

  • Core:
  • Added nullable types. (Levi, Dmitry)
  • Added DFA optimization framework based on e-SSA form. (Dmitry, Nikita)
  • Added specialized opcode handlers (e.g. ZEND_ADD_LONG_NO_OVERFLOW). (Dmitry)
  • Change statement and fcall extension handlers to accept frame. (Joe)
  • Implemented safe execution timeout handling, that prevents random crashes after "Maximum execution time exceeded" error. (Dmitry)
  • Fixed bug #53432 (Assignment via string index access on an empty string converts to array). (Nikita)
  • Fixed bug #62210 (Exceptions can leak temporary variables). (Dmitry, Bob)
  • Fixed bug #62814 (It is possible to stiffen child class members visibility). (Nikita)
  • Fixed bug #69989 (Generators don't participate in cycle GC). (Nikita)
  • Fixed bug #71604 (Aborted Generators continue after nested finally). (Nikita)
  • Fixed bug #71572 (String offset assignment from an empty string inserts null byte). (Francois)
  • Fixed bug #71897 (ASCII 0x7F Delete control character permitted in identifiers). (Andrea)
  • Fixed bug #72188 (Nested try/finally blocks losing return value). (Dmitry)
  • Fixed bug #72213 (Finally leaks on nested exceptions). (Dmitry, Nikita)
  • Implemented the RFC `Support Class Constant Visibility`. (Sean DuBois, Reeze Xia, Dmitry)
  • Added void return type. (Andrea)
  • Added support for negative string offsets in string offset syntax and various string functions. (Francois)
  • Added a form of the list() construct where keys can be specified. (Andrea)
  • Number operators taking numeric strings now emit E_NOTICEs or E_WARNINGs when given malformed numeric strings. (Andrea)
  • (int), intval() where $base is 10 or unspecified, settype(), decbin(), decoct(), dechex(), integer operators and other conversions now always respect scientific notation in numeric strings. (Andrea)
  • Implemented the RFC `Catching multiple exception types`. (Bronislaw Bialek, Pierrick)
  • Raise a compile-time warning on octal escape sequence overflow. (Sara)
  • Added [] = as alternative construct to list() =. (Bob)
  • Implemented logging to syslog with dynamic error levels. (Jani Ollikainen)
  • Fixed bug #47517 (php-cgi.exe missing UAC manifest). (maxdax15801 at users noreply github com)
  • Apache2handler:
  • Enable per-module logging in Apache 2.4+. (Martin Vobruba)
  • CLI Server:
  • Fixed bug #71276 (Built-in webserver does not send Date header). (see at seos fr)
  • FTP:
  • Implemented FR #55651 (Option to ignore the returned FTP PASV address). (abrender at elitehosts dot com)
  • Intl:
  • Added IntlTimeZone::getWindowsID() and IntlTimeZone::getIDForWindowsID(). (Sara)
  • Fixed bug #69374 (IntlDateFormatter formatObject returns wrong utf8 value). (lenhatanh86 at gmail com)
  • Fixed bug #69398 (IntlDateFormatter formatObject returns wrong value when time style is NONE). (lenhatanh86 at gmail com)
  • Hash:
  • Added SHA3 fixed mode algorithms (224, 256, 384, and 512 bit). (Sara)
  • Added SHA512/256 and SHA512/224 algorithms. (Sara)
  • JSON:
  • Exported JSON parser API including json_parser_method that can be used for implementing custom logic when parsing JSON. (Jakub Zelenka)
  • Escaped U+2028 and U+2029 when JSON_UNESCAPED_UNICODE is supplied as json_encode options and added JSON_UNESCAPED_LINE_TERMINATORS to restore the previous behaviour. (Eddie Kohler)
  • PDO_Firebird:
  • Fixed bug #60052 (Integer returned as a 64bit integer on X86_64). (Mariuz)
  • Pgsql:
  • Implemented FR #31021 (pg_last_notice() is needed to get all notice messages). (Yasuo)
  • Implemented FR #48532 (Allow pg_fetch_all() to index numerically). (Yasuo)
  • Reflection:
  • Fix #72209 (ReflectionProperty::getValue() doesn't fail if object doesn't match type). (Joe)
  • Session:
  • Improved fix for bug #68063 (Empty session IDs do still start sessions). (Yasuo)
  • Fixed bug #71038 (session_start() returns TRUE on failure). Session save handlers must return 'string' always for successful read. i.e. Non-existing session read must return empty string. PHP 7.0 is made not to tolerate buggy return value. (Yasuo)
  • Fixed bug #71394 (session_regenerate_id() must close opened session on errors). (Yasuo)
  • SQLite3:
  • Implemented FR #71159 (Upgraded bundled SQLite lib to 3.9.2). (Laruence)
  • Standard:
  • Fixed bug #71100 (long2ip() doesn't accept integers in strict mode). (Laruence)
  • Implemented FR #55716 (Add an option to pass a custom stream context to get_headers()). (Ferenc)
  • Additional validation for parse_url() for login/pass components). (Ilia) (Julien)
  • Implemented FR #69359 (Provide a way to fetch the current environment variables). (Ferenc)
  • unpack() function accepts an additional optional argument $offset. (Dmitry)
  • Implemented #51879 stream context socket option tcp_nodelay (Joe)

New in PHP 7.0.8 RC 1 (June 8th, 2016)

  • Core:
  • Fixed bug #72221 (segfault, past-the-end access). (Lauri Kenttä)
  • Fixed bug #72218 (If host name cannot be resolved then PHP 7 crashes). (Esminis at esminis dot lt)
  • FPM:
  • Fixed bug #72308 (fastcgi_finish_request and logging environment variables). (Laruence)
  • GD:
  • Fixed bug #72337 (invalid dimensions can lead to crash) (Pierre)
  • Intl:
  • Fixed bug #64524 (Add intl.use_exceptions to php.ini-*). (Anatol)
  • PCRE:
  • Fixed bug #72143 (preg_replace uses int instead of size_t). (Joe)
  • PDO_pgsql:
  • Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound). (Laruence)
  • Fixed bug #72294 (Segmentation fault/invalid pointer in connection with pgsql_stmt_dtor). (Anatol)
  • Phpdbg:
  • Fixed bug #72284 (phpdbg fatal errors with coverage). (Bob)
  • Postgres:
  • Fixed bug #72195 (pg_pconnect/pg_connect cause use-after-free). (Laruence)
  • Fixed bug #72197 (pg_lo_create arbitrary read). (Anatol)
  • Standard:
  • Fixed bug #72300 (ignore_user_abort(false) has no effect). (Laruence)
  • Fixed bug #72229 (Wrong reference when serialize/unserialize an object). (Laruence)
  • Fixed bug #72193 (dns_get_record returns array containing elements of type 'unknown'). (Laruence)
  • Fixed bug #72017 (range() with float step produces unexpected result). (Thomas Punt)
  • XML:
  • Fixed bug #72206 (xml_parser_create/xml_parser_free leaks mem). (Joe)
  • XMLRPC:
  • Fixed bug #72155 (use-after-free caused by get_zval_xmlrpc_type). (Joe, Laruence)
  • Zip:
  • Fixed ug #72258 (ZipArchive converts filenames to unrecoverable form). (Anatol)

New in PHP 7.0.7 (May 25th, 2016)

  • Core:
  • Fixed bug #72162 (use-after-free error_reporting). (Laruence)
  • Add compiler option to disable special case function calls. (Joe)
  • Fixed bug #72101 (crash on complex code). (Dmitry)
  • Fixed bug #72100 (implode() inserts garbage into resulting string when joins very big integer). (Mikhail Galanin)
  • Fixed bug #72057 (PHP Hangs when using custom error handler and typehint). (Nikita Nefedov)
  • Fixed bug #72038 (Function calls with values to a by-ref parameter don't always throw a notice). (Bob)
  • Fixed bug #71737 (Memory leak in closure with parameter named $this). (Nikita)
  • Fixed bug #72059 (?? is not allowed on constant expressions). (Bob, Marcio)
  • Fixed bug #72159 (Imported Class Overrides Local Class Name). (Nikita)
  • Curl:
  • Fixed bug #68658 (Define CURLE_SSL_CACERT_BADFILE). (Pierrick)
  • DBA:
  • Fixed bug #72157 (use-after-free caused by dba_open). (Shm, Laruence)
  • GD:
  • Fixed bug #72227 (imagescale out-of-bounds read). (Stas)
  • Intl:
  • Fixed #72241 (get_icu_value_internal out-of-bounds read). (Stas)
  • JSON:
  • Fixed bug #72069 (Behavior \JsonSerializable different from json_encode). (Laruence)
  • Mbstring:
  • Fixed bug #72164 (Null Pointer Dereference mb_ereg_replace). (Laruence)
  • OCI8:
  • Fixed bug #71600 (oci_fetch_all segfaults when selecting more than eight columns). (Tian Yang)
  • Opcache:
  • Fixed bug #72014 (Including a file with anonymous classes multiple times leads to fatal error). (Laruence)
  • OpenSSL:
  • Fixed bug #72165 (Null pointer dereference openssl_csr_new). (Anatol)
  • PCNTL:
  • Fixed bug #72154 (pcntl_wait/pcntl_waitpid array internal structure overwrite). (Laruence)
  • POSIX:
  • Fixed bug #72133 (php_posix_group_to_array crashes if gr_passwd is NULL). (esminis at esminis dot lt)
  • Postgres:
  • Fixed bug #72028 (pg_query_params(): NULL converts to empty string). (Laruence)
  • Fixed bug #71062 (pg_convert() doesn't accept ISO 8601 for datatype timestamp). (denver at timothy dot io)
  • Fixed bug #72151 (mysqli_fetch_object changed behaviour). (Anatol)
  • Reflection:
  • Fixed bug #72174 (ReflectionProperty#getValue() causes __isset call). (Nikita)
  • Session:
  • Fixed bug #71972 (Cyclic references causing session_start(): Failed to decode session object). (Laruence)
  • Sockets:
  • Added socket_export_stream() function for getting a stream compatible resource from a socket resource. (Chris Wright, Bob)
  • SPL:
  • Fixed bug #72051 (The reference in CallbackFilterIterator doesn't work as expected). (Laruence)
  • SQLite3:
  • Fixed bug #68849 (bindValue is not using the right data type). (Anatol)
  • Standard:
  • Fixed bug #72075 (Referencing socket resources breaks stream_select). (Laruence)
  • Fixed bug #72031 (array_column() against an array of objects discards all values matching null). (Nikita)

New in PHP 7.0.7 RC 1 (May 11th, 2016)

  • Core:
  • Fixed bug #72162 (use-after-free error_reporting). (Laruence)
  • Add compiler option to disable special case function calls. (Joe)
  • Fixed bug #72101 (crash on complex code). (Dmitry)
  • Fixed bug #72100 (implode() inserts garbage into resulting string when joins very big integer). (Mikhail Galanin)
  • Fixed bug #72057 (PHP Hangs when using custom error handler and typehint). (Nikita Nefedov)
  • Fixed bug #72038 (Function calls with values to a by-ref parameter don't always throw a notice). (Bob)
  • Fixed bug #71737 (Memory leak in closure with parameter named $this). (Nikita)
  • Fixed bug #72059 (?? is not allowed on constant expressions). (Bob, Marcio)
  • Fixed bug #72159 (Imported Class Overrides Local Class Name). (Nikita)
  • Curl:
  • Fixed bug #68658 (Define CURLE_SSL_CACERT_BADFILE). (Pierrick)
  • DBA:
  • Fixed bug #72157 (use-after-free caused by dba_open). (Shm, Laruence)
  • JSON:
  • Fixed bug #72069 (Behavior \JsonSerializable different from json_encode). (Laruence)
  • Mbstring:
  • Fixed bug #72164 (Null Pointer Dereference mb_ereg_replace). (Laruence)
  • OCI8:
  • Fixed bug #71600 (oci_fetch_all segfaults when selecting more than eight columns). (Tian Yang)
  • Opcache:
  • Fixed bug #72014 (Including a file with anonymous classes multiple times leads to fatal error). (Laruence)
  • OpenSSL:
  • Fixed bug #72165 (Null pointer dereference openssl_csr_new). (Anatol)
  • PCNTL:
  • Fixed bug #72154 (pcntl_wait/pcntl_waitpid array internal structure overwrite). (Laruence)
  • POSIX:
  • Fixed bug #72133 (php_posix_group_to_array crashes if gr_passwd is NULL). (esminis at esminis dot lt)
  • Postgres:
  • Fixed bug #72028 (pg_query_params(): NULL converts to empty string). (Laruence)
  • Fixed bug #71062 (pg_convert() doesn't accept ISO 8601 for datatype timestamp). (denver at timothy dot io)
  • Fixed bug #72151 (mysqli_fetch_object changed behaviour). (Anatol)
  • Reflection:
  • Fixed bug #72174 (ReflectionProperty#getValue() causes __isset call). (Nikita)
  • Session:
  • Fixed bug #71972 (Cyclic references causing session_start(): Failed to decode session object). (Laruence)
  • Sockets:
  • Added socket_export_stream() function for getting a stream compatible resource from a socket resource. (Chris Wright, Bob)
  • SPL:
  • Fixed bug #72051 (The reference in CallbackFilterIterator doesn't work as expected). (Laruence)
  • SQLite3:
  • Fixed bug #68849 (bindValue is not using the right data type). (Anatol)
  • Standard:
  • Fixed bug #72075 (Referencing socket resources breaks stream_select). (Laruence)
  • Fixed bug #72031 (array_column() against an array of objects discards all values matching null). (Nikita)

New in PHP 7.0.6 (April 27th, 2016)

  • Core:
  • Fixed bug #71930 (_zval_dtor_func: Assertion `(arr)->gc.refcount

New in PHP 7.0.6 RC 1 (April 12th, 2016)

  • Core:
  • Fixed bug #71930 (_zval_dtor_func: Assertion `(arr)->gc.refcount

New in PHP 7.0.5 (March 29th, 2016)

  • Core:
  • Huge pages disabled by default. (Rasmus)
  • Added ability to enable huge pages in Zend Memory Manager through the environment variable USE_ZEND_ALLOC_HUGE_PAGES=1. (Dmitry)
  • Fixed bug #71756 (Call-by-reference widens scope to uninvolved functions when used in switch). (Laruence)
  • Fixed bug #71729 (Possible crash in zend_bin_strtod, zend_oct_strtod, zend_hex_strtod). (Laruence)
  • Fixed bug #71695 (Global variables are reserved before execution). (Laruence)
  • Fixed bug #71629 (Out-of-bounds access in php_url_decode in context php_stream_url_wrap_rfc2397). (mt at debian dot org)
  • Fixed bug #71622 (Strings used in pass-as-reference cannot be used to invoke C::$callable()). (Bob)
  • Fixed bug #71596 (Segmentation fault on ZTS with date function (setlocale)). (Anatol)
  • Fixed bug #71535 (Integer overflow in zend_mm_alloc_heap()). (Dmitry)
  • Fixed bug #71470 (Leaked 1 hashtable iterators). (Nikita)
  • Fixed bug #71575 (ISO C does not allow extra ‘;’ outside of a function). (asgrim)
  • Fixed bug #71724 (yield from does not count EOLs). (Nikita)
  • Fixed bug #71767 (ReflectionMethod::getDocComment returns the wrong comment). (Grigorii Sokolik)
  • Fixed bug #71806 (php_strip_whitespace() fails on some numerical values). (Nikita)
  • Fixed bug #71624 (`php -R` (PHP_MODE_PROCESS_STDIN) is broken). (Sean DuBois)
  • CLI Server:
  • Fixed bug #69953 (Support MKCALENDAR request method). (Christoph)
  • Curl:
  • Fixed bug #71694 (Support constant CURLM_ADDED_ALREADY). (mpyw)
  • Date:
  • Fixed bug #71635 (DatePeriod::getEndDate segfault). (Thomas Punt)
  • Fileinfo:
  • Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic file). (Anatol)
  • libxml:
  • Fixed bug #71536 (Access Violation crashes php-cgi.exe). (Anatol)
  • mbstring:
  • Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in mbfl_strcut). (Stas)
  • ODBC:
  • Fixed bug #47803, #69526 (Executing prepared statements is succesfull only for the first two statements). (einavitamar at gmail dot com, Anatol)
  • PCRE:
  • Fixed bug #71659 (segmentation fault in pcre running twig tests). (nish dot aravamudan at canonical dot com)
  • PDO_DBlib:
  • Bug #54648 (PDO::MSSQL forces format of datetime fields). (steven dot lambeth at gmx dot de, Anatol)
  • Phar:
  • Fixed bug #71625 (Crash in php7.dll with bad phar filename). (Anatol)
  • Fixed bug #71317 (PharData fails to open specific file). (Jos Elstgeest)
  • Fixed bug #71860 (Invalid memory write in phar on filename with \0 in name). (Stas)
  • phpdbg:
  • Fixed crash when advancing (except step) inside an internal function. (Bob)
  • Session:
  • Fixed Bug #71683 (Null pointer dereference in zend_hash_str_find_bucket). (Yasuo)
  • SNMP:
  • Fixed bug #71704 (php_snmp_error() Format String Vulnerability). (andrew at jmpesp dot org)
  • SPL:
  • Fixed bug #71617 (private properties lost when unserializing ArrayObject). (Nikita)
  • Standard:
  • Fixed bug #71660 (array_column behaves incorrectly after foreach by reference). (Laruence)
  • Fixed bug #71798 (Integer Overflow in php_raw_url_encode). (taoguangchen at icloud dot com, Stas)
  • Zip:
  • Update bundled libzip to 1.1.2. (Remi, Anatol)

New in PHP 7.0.5 RC 1 (March 15th, 2016)

  • CLI Server:
  • Fixed bug #69953 (Support MKCALENDAR request method). (Christoph)
  • Core:
  • Fixed bug #71756 (Call-by-reference widens scope to uninvolved functions when used in switch). (Laruence)
  • Fixed bug #71729 (Possible crash in zend_bin_strtod, zend_oct_strtod, zend_hex_strtod). (Laruence)
  • Fixed bug #71695 (Global variables are reserved before execution). (Laruence)
  • Fixed bug #71629 (Out-of-bounds access in php_url_decode in context php_stream_url_wrap_rfc2397). (mt at debian dot org)
  • Fixed bug #71622 (Strings used in pass-as-reference cannot be used to invoke C::$callable()). (Bob)
  • Fixed bug #71596 (Segmentation fault on ZTS with date function (setlocale)). (Anatol)
  • Fixed bug #71535 (Integer overflow in zend_mm_alloc_heap()). (Dmitry)
  • Fixed bug #71470 (Leaked 1 hashtable iterators). (Nikita)
  • Fixed bug #71575 (ISO C does not allow extra ‘;’ outside of a function). (asgrim)
  • Fixed bug #71724 (yield from does not count EOLs). (Nikita)
  • Fixed bug #71767 (ReflectionMethod::getDocComment returns the wrong comment). (Grigorii Sokolik)
  • Fixed bug #71806 (php_strip_whitespace() fails on some numerical values). (Nikita)
  • Fixed bug #71624 (`php -R` (PHP_MODE_PROCESS_STDIN) is broken). (Sean DuBois)
  • Curl:
  • Fixed bug #71694 (Support constant CURLM_ADDED_ALREADY). (mpyw)
  • Date:
  • Fixed bug #71635 (DatePeriod::getEndDate segfault). (Thomas Punt)
  • libxml:
  • Fixed bug #71536 (Access Violation crashes php-cgi.exe). (Anatol)
  • ODBC:
  • Fixed bug #47803, #69526 (Executing prepared statements is succesfull only for the first two statements). (einavitamar at gmail dot com, Anatol)
  • PCRE:
  • Fixed bug #71659 (segmentation fault in pcre running twig tests). (nish dot aravamudan at canonical dot com)
  • PDO_DBlib:
  • Bug #54648 (PDO::MSSQL forces format of datetime fields). (steven dot lambeth at gmx dot de, Anatol)
  • Phar:
  • Fixed bug #71625 (Crash in php7.dll with bad phar filename). (Anatol)
  • Fixed bug #71317 (PharData fails to open specific file). (Jos Elstgeest)
  • phpdbg:
  • Fixed crash when advancing (except step) inside an internal function. (Bob)
  • Session:
  • Fixed Bug #71683 (Null pointer dereference in zend_hash_str_find_bucket). (Yasuo)
  • SPL:
  • Fixed bug #71617 (private properties lost when unserializing ArrayObject). (Nikita)
  • Standard:
  • Fixed bug #71660 (array_column behaves incorrectly after foreach by reference). (Laruence)
  • Zip:
  • Update bundled libzip to 1.1.2. (Remi, Anatol)

New in PHP 7.0.4 (March 3rd, 2016)

  • Core:
  • Fixed bug (Low probability segfault in zend_arena). (Laruence)
  • Fixed bug #71441 (Typehinted Generator with return in try/finally crashes). (Bob)
  • Fixed bug #71442 (forward_static_call crash). (Laruence)
  • Fixed bug #71443 (Segfault using built-in webserver with intl using symfony). (Laruence)
  • Fixed bug #71449 (An integer overflow bug in php_implode()). (Stas)
  • Fixed bug #71450 (An integer overflow bug in php_str_to_str_ex()). (Stas)
  • Fixed bug #71474 (Crash because of VM stack corruption on Magento2). (Dmitry)
  • Fixed bug #71485 (Return typehint on internal func causes Fatal error when it throws exception). (Laruence)
  • Fixed bug #71529 (Variable references on array elements don't work when using count). (Nikita)
  • Fixed bug #71601 (finally block not executed after yield from). (Bob)
  • Fixed bug #71637 (Multiple Heap Overflow due to integer overflows in xml/filter_url/addcslashes). (Stas)
  • CLI server:
  • Fixed bug #71559 (Built-in HTTP server, we can download file in web by bug). (Johannes, Anatol)
  • CURL:
  • Fixed bug #71523 (Copied handle with new option CURLOPT_HTTPHEADER crashes while curl_multi_exec). (Laruence)
  • Fixed memory leak in curl_getinfo(). (Leigh)
  • Date:
  • Fixed bug #71525 (Calls to date_modify will mutate timelib_rel_time, causing date_date_set issues). (Sean DuBois)
  • Fileinfo:
  • Fixed bug #71434 (finfo throws notice for specific python file). (Laruence)
  • FPM:
  • Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi setup). (Matt Haught, Remi)
  • Fixed bug #71269 (php-fpm dumped core). (Mickaël)
  • Opcache:
  • Fixed bug #71584 (Possible use-after-free of ZCG(cwd) in Zend Opcache). (Yussuf Khalil)
  • PCRE:
  • Fixed bug #71537 (PCRE segfault from Opcache). (Laruence)
  • phpdbg:
  • Fixed inherited functions from unspecified files being included in phpdbg_get_executable(). (Bob)
  • SOAP:
  • Fixed bug #71610 (Type Confusion Vulnerability SOAP / make_http_soap_request()). (Stas)
  • Standard:
  • Fixed bug #71603 (compact() maintains references in php7). (Laruence)
  • Fixed bug #70720 (strip_tags improper php code parsing). (Julien)
  • XMLRPC:
  • Fixed bug #71501 (xmlrpc_encode_request ignores encoding option). (Hieu Le)
  • Zip:
  • Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo). (Laruence)

New in PHP 7.0.3 (February 2nd, 2016)

  • Core:
  • Added support for new HTTP 451 code. (Julien)
  • Fixed bug #71039 (exec functions ignore length but look for NULL termination). (Anatol)
  • Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
  • Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol)
  • Fixed bug #71221 (Null pointer deref (segfault) in get_defined_vars via ob_start). (hugh at allthethings dot co dot nz)
  • Fixed bug #71248 (Wrong interface is enforced). (Dmitry)
  • Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash). (Anatol)
  • Fixed Bug #71275 (Bad method called on cloning an object having a trait). (Bob)
  • Fixed bug #71297 (Memory leak with consecutive yield from). (Bob)
  • Fixed bug #71300 (Segfault in zend_fetch_string_offset). (Laruence)
  • Fixed bug #71314 (var_export(INF) prints INF.0). (Andrea)
  • Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its input). (Leo Gaspard)
  • Fixed bug #71336 (Wrong is_ref on properties as exposed via get_object_vars()). (Laruence)
  • Fixed bug #71459 (Integer overflow in iptcembed()). (Stas)
  • Apache2handler:
  • Fix >2G Content-Length headers in apache2handler. (Adam Harvey)
  • CURL:
  • Fixed bug #71227 (Can't compile php_curl statically). (Anatol)
  • Fixed bug #71225 (curl_setopt() fails to set CURLOPT_POSTFIELDS with reference to CURLFile). (Laruence)
  • Interbase:
  • Fixed Bug #71305 (Crash when optional resource is omitted).
  • (Laruence, Anatol)
  • LDAP:
  • Fixed bug #71249 (ldap_mod_replace/ldap_mod_add store value as string "Array"). (Laruence)
  • mbstring:
  • Fixed bug #71397 (mb_send_mail segmentation fault). (Andrea, Yasuo)
  • OpenSSL:
  • Fixed bug #71475 (openssl_seal() uninitialized memory usage). (Stas)
  • Phar:
  • Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (Stas)
  • Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()). (Stas)
  • Fixed bug #71488 (Stack overflow when decompressing tar archives). (Stas)
  • SOAP:
  • Fixed bug #70979 (crash with bad soap request). (Anatol)
  • SPL:
  • Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading). (Laruence)
  • Fixed bug #71202 (Autoload function registered by another not activated immediately). (Laruence)
  • Fixed bug #71311 (Use-after-free vulnerability in SPL(ArrayObject, unserialize)). (Sean Heelan)
  • Fixed bug #71313 (Use-after-free vulnerability in SPL(SplObjectStorage, unserialize)). (Sean Heelan)
  • Standard:
  • Fixed bug #71287 (Error message contains hexadecimal instead of decimal number). (Laruence)
  • Fixed bug #71264 (file_put_contents() returns unexpected value when filesystem runs full). (Laruence)
  • Fixed bug #71245 (file_get_contents() ignores "header" context option if it's a reference). (Laruence)
  • Fixed bug #71220 (Null pointer deref (segfault) in compact via ob_start). (hugh at allthethings dot co dot nz)
  • Fixed bug #71190 (substr_replace converts integers in original $search array to strings). (Laruence)
  • Fixed bug #71188 (str_replace converts integers in original $search array to strings). (Laruence)
  • Fixed bug #71132, #71197 (range() segfaults). (Thomas Punt)
  • WDDX:
  • Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization). (Stas)

New in PHP 7.0.3 RC 1 (January 19th, 2016)

  • Core:
  • Fixed bug #71336 (Wrong is_ref on properties as exposed via get_object_vars()). (Laruence)
  • Fixed bug #71248 (Wrong interface is enforced). (Dmitry)
  • Fixed bug #71300 (Segfault in zend_fetch_string_offset). (Laruence)
  • Fixed bug #71221 (Null pointer deref (segfault) in get_defined_vars via ob_start). (hugh at allthethings dot co dot nz)
  • Fixed bug #71201 (round() segfault on 64-bit builds). (Anatol)
  • Added support for new HTTP 451 code. (Julien)
  • Fixed Bug #71275 (Bad method called on cloning an object having a trait). (Bob)
  • Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash). (Anatol)
  • Fixed bug #71297 (Memory leak with consecutive yield from). (Bob)
  • Fixed bug #71314 (var_export(INF) prints INF.0). (Andrea)
  • Apache2handler:
  • Fix >2G Content-Length headers in apache2handler. (Adam Harvey)
  • CURL:
  • Fixed bug #71227 (Can't compile php_curl statically). (Anatol)
  • Fixed bug #71225 (curl_setopt() fails to set CURLOPT_POSTFIELDS with reference to CURLFile). (Laruence)
  • Interbase:
  • Fixed Bug #71305 (Crash when optional resource is omitted). (Laruence, Anatol)
  • LDAP:
  • Fixed bug #71249 (ldap_mod_replace/ldap_mod_add store value as string "Array"). (Laruence)
  • mbsgring:
  • Fixed bug #71397 (mb_send_mail segmentation fault). (Andrea, Yasuo)
  • SOAP:
  • Fixed bug #70979 (crash with bad soap request). (Anatol)
  • SPL:
  • Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading). (Laruence)
  • Fixed bug #71202 (Autoload function registered by another not activated immediately). (Laruence)
  • Session:
  • Improved fix for bug #68063 (Empty session IDs do still start sessions). (Yasuo)
  • Fixed bug #69111 (Crash in SessionHandler::read()) (Yasuo)
  • Fixed bug #71038 (session_start() returns TRUE on failure). Session save handlers must return 'string' always for successful read. i.e. Non-existing session read must return empty string. PHP 7.0 is made not to tolerate buggy return value. (Yasuo)
  • Fixed bug #71394 (session_regenerate_id() must close opened session on errors). (Yasuo)
  • Standard:
  • Fixed bug #71287 (Error message contains hexadecimal instead of decimal number). (Laruence)
  • Fixed bug #71264 (file_put_contents() returns unexpected value when filesystem runs full). (Laruence)
  • Fixed bug #71245 (file_get_contents() ignores "header" context option if it's a reference). (Laruence)
  • Fixed bug #71220 (Null pointer deref (segfault) in compact via ob_start). (hugh at allthethings dot co dot nz)
  • Fixed bug #71190 (substr_replace converts integers in original $search array to strings). (Laruence)
  • Fixed bug #71188 (str_replace converts integers in original $search array to strings). (Laruence)
  • Fixed bug #70720 (strip_tags improper php code parsing). (Julien)
  • Fixed bug #71132, #71197 (range() segfaults). (Thomas Punt)

New in PHP 7.0.2 (January 7th, 2016)

  • Core:
  • Fixed bug #71165 (-DGC_BENCH=1 doesn't work on PHP7).
  • Fixed bug #71163 (Segmentation Fault: cleanup_unfinished_calls).
  • Fixed bug #71109 (ZEND_MOD_CONFLICTS("xdebug") doesn't work).
  • Fixed bug #71092 (Segmentation fault with return type hinting).
  • Fixed bug memleak in header_register_callback.
  • Fixed bug #71067 (Local object in class method stays in memory for each call).
  • Fixed bug #66909 (configure fails utf8_to_mutf7 test).
  • Fixed bug #70781 (Extension tests fail on dynamic ext dependency).
  • Fixed bug #71089 (No check to duplicate zend_extension).
  • Fixed bug #71086 (Invalid numeric literal parse error within highlight_string() function).
  • Fixed bug #71154 (Incorrect HT iterator invalidation causes iterator reuse).
  • Fixed bug #52355 (Negating zero does not produce negative zero).
  • Fixed bug #66179 (var_export() exports float as integer).
  • Fixed bug #70804 (Unary add on negative zero produces positive zero).
  • CURL:
  • Fixed bug #71144 (Sementation fault when using cURL with ZTS).
  • DBA:
  • Fixed key leak with invalid resource.
  • Filter:
  • Fixed bug #71063 (filter_input(INPUT_ENV, ..) does not work).
  • FTP:
  • Implemented FR #55651 (Option to ignore the returned FTP PASV address).
  • FPM:
  • Fixed bug #70755 (fpm_log.c memory leak and buffer overflow).
  • GD:
  • Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds).
  • Mbstring:
  • Fixed bug #71066 (mb_send_mail: Program terminated with signal SIGSEGV, Segmentation fault).
  • Opcache:
  • Fixed bug #71127 (Define in auto_prepend_file is overwrite).
  • PCRE:
  • Fixed bug #71178 (preg_replace with arrays creates [0] in replace array if not already set).
  • Readline:
  • Fixed bug #71094 (readline_completion_function corrupts static array on second TAB).
  • Session:
  • Fixed bug #71122 (Session GC may not remove obsolete session data).
  • SPL:
  • Fixed bug #71077 (ReflectionMethod for ArrayObject constructor returns wrong number of parameters).
  • Fixed bug #71153 (Performance Degradation in ArrayIterator with large arrays).
  • Standard:
  • Fixed bug #71270 (Heap BufferOver Flow in escapeshell functions).
  • WDDX:
  • Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
  • Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion Vulnerability).
  • XMLRPC:
  • Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker).

New in PHP 7.0.2 RC 1 (December 22nd, 2015)

  • Core:
  • Fixed bug #71165 (-DGC_BENCH=1 doesn't work on PHP7). (y dot uchiyama dot 1015 at gmail dot com)
  • Fixed bug #71163 (Segmentation Fault: cleanup_unfinished_calls). (Laruence)
  • Fixed bug #71109 (ZEND_MOD_CONFLICTS("xdebug") doesn't work). (Laruence)
  • Fixed bug #71092 (Segmentation fault with return type hinting). (Laruence)
  • Fixed bug memleak in header_register_callback. (Laruence)
  • Fixed bug #71067 (Local object in class method stays in memory for each call). (Laruence)
  • Fixed bug #66909 (configure fails utf8_to_mutf7 test). (Michael Orlitzky)
  • Fixed bug #70781 (Extension tests fail on dynamic ext dependency). (Francois Laupretre)
  • Fixed bug #71089 (No check to duplicate zend_extension). (Remi)
  • Fixed bug #71086 (Invalid numeric literal parse error within highlight_string() function). (Nikita)
  • Fixed bug #71154 (Incorrect HT iterator invalidation causes iterator reuse). (Nikita)
  • Fixed bug #52355 (Negating zero does not produce negative zero). (Andrea)
  • Fixed bug #66179 (var_export() exports float as integer). (Andrea)
  • Fixed bug #70804 (Unary add on negative zero produces positive zero). (Andrea)
  • CURL:
  • Fixed bug #71144 (Sementation fault when using cURL with ZTS). (Michael Maroszek, Laruence)
  • DBA:
  • Fixed key leak with invalid resource. (Laruence)
  • Filter:
  • Fixed bug #71063 (filter_input(INPUT_ENV, ..) does not work). (Reeze Xia)
  • FTP:
  • Implemented FR #55651 (Option to ignore the returned FTP PASV address). (abrender at elitehosts dot com)
  • Mbstring:
  • Fixed bug #71066 (mb_send_mail: Program terminated with signal SIGSEGV, Segmentation fault). (Laruence)
  • Opcache:
  • Fixed bug #71127 (Define in auto_prepend_file is overwrite). (Laruence)
  • PCRE:
  • Fixed bug #71178 (preg_replace with arrays creates [0] in replace array if not already set). (Laruence)
  • Readline:
  • Fixed bug #71094 (readline_completion_function corrupts static array on second TAB). (Nikita)
  • Session:
  • Fixed bug #71122 (Session GC may not remove obsolete session data). (Yasuo)
  • SPL:
  • Fixed bug #71077 (ReflectionMethod for ArrayObject constructor returns wrong number of parameters). (Laruence)
  • Fixed bug #71153 (Performance Degradation in ArrayIterator with large arrays). (Nikita)

New in PHP 7.0.1 (December 17th, 2015)

  • Core:
  • Fixed bug #71105 (Format String Vulnerability in Class Name Error Message).
  • Fixed bug #70831 (Compile fails on system with 160 CPUs).
  • Fixed bug #71006 (symbol referencing errors on Sparc/Solaris).
  • Fixed bug #70997 (When using parentClass:: instead of parent::, static context changed).
  • Fixed bug #70970 (Segfault when combining error handler with output buffering).
  • Fixed bug #70967 (Weird error handling for __toString when Error is thrown).
  • Fixed bug #70958 (Invalid opcode while using ::class as trait method paramater default value).
  • Fixed bug #70944 (try{ } finally{} can create infinite chains of exceptions).
  • Fixed bug #70931 (Two errors messages are in conflict).
  • Fixed bug #70904 (yield from incorrectly marks valid generator as finished).
  • Fixed bug #70899 (buildconf failure in extensions).
  • Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol: php_register_internal_extensions).
  • Fixed \int (or generally every scalar type name with leading backslash) to not be accepted as type name.
  • Fixed exception not being thrown immediately into a generator yielding from an array.
  • Fixed bug #70987 (static::class within Closure::call() causes segfault).
  • Fixed bug #71013 (Incorrect exception handler with yield from).
  • Fixed double free in error condition of format printer.
  • CLI server:
  • Fixed bug #71005 (Segfault in php_cli_server_dispatch_router()).
  • Intl:
  • Fixed bug #71020 (Use after free in Collator::sortWithSortKeys).
  • Mysqlnd:
  • Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
  • Fixed bug #68344 (MySQLi does not provide way to disable peer certificate validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT connection flag.
  • OCI8:
  • Fixed LOB implementation size_t/zend_long mismatch reported by gcov.
  • Opcache:
  • Fixed #71024 (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32 on the same server).
  • Fixed bug #70991 (zend_file_cache.c:710: error: array type has incomplete element type).
  • Fixed bug #70977 (Segmentation fault with opcache.huge_code_pages=1).
  • Phpdbg:
  • Fixed stderr being written to stdout.
  • Reflection:
  • Fixed bug #71018 (ReflectionProperty::setValue() behavior changed).
  • Fixed bug #70982 (setStaticPropertyValue behaviors inconsistently with 5.6).
  • SPL:
  • Fixed bug #71028 (Undefined index with ArrayIterator).
  • SQLite3:
  • Fixed bug #71049 (SQLite3Stmt::execute() releases bound parameter instead of internal buffer).
  • Standard:
  • Fixed bug #70999 (php_random_bytes: called object is not a function).
  • Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number of parameters).
  • Streams/Socket:
  • Add IPV6_V6ONLY constant / make it usable in stream contexts.
  • Soap:
  • Fixed bug #70993 (Array key references break argument processing).
  • PDO_Firebird:
  • Fixed bug #60052 (Integer returned as a 64bit integer on X64_86).

New in PHP 7.0.1 RC 1 (December 8th, 2015)

  • Core:
  • Fixed bug #70831 (Compile fails on system with 160 CPUs). (Daniel Axtens)
  • Fixed bug #71006 (symbol referencing errors on Sparc/Solaris). (Dmitry)
  • Fixed bug #70997 (When using parentClass:: instead of parent::, static context changed). (Dmitry)
  • Fixed bug #70970 (Segfault when combining error handler with output buffering). (Laruence)
  • Fixed bug #70967 (Weird error handling for __toString when Error is thrown). (Laruence)
  • Fixed bug #70958 (Invalid opcode while using ::class as trait method paramater default value). (Laruence)
  • Fixed bug #70944 (try{ } finally{} can create infinite chains of exceptions). (Laruence)
  • Fixed bug #70931 (Two errors messages are in conflict). (dams, Laruence)
  • Fixed bug #70904 (yield from incorrectly marks valid generator as finished). (Bob)
  • Fixed bug #70899 (buildconf failure in extensions). (Bob, Reeze)
  • Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol: php_register_internal_extensions). (Lior Kaplan)
  • Fixed \int (or generally every scalar type name with leading backslash) to not be accepted as type name. (Bob)
  • Fixed exception not being thrown immediately into a generator yielding from an array. (Bob)
  • Fixed bug #70987 (static::class within Closure::call() causes segfault). (Andrea)
  • Fixed bug #71013 (Incorrect exception handler with yield from). (Bob)
  • Fixed double free in error condition of format printer. (Bob)
  • CLI server:
  • Fixed bug #71005 (Segfault in php_cli_server_dispatch_router()). (Adam)
  • Intl:
  • Fixed bug #71020 (Use after free in Collator::sortWithSortKeys). (emmanuel dot law at gmail dot com, Laruence)
  • Mysqlnd:
  • Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction). (Laruence)
  • Fixed bug #68344 (MySQLi does not provide way to disable peer certificate validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT connection flag. (Andrey)
  • OCI8:
  • Fixed LOB implementation size_t/zend_long mismatch reported by gcov. (Senthil)
  • Opcache:
  • Fixed #71024 (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32 on the same server). (Anatol)
  • Fixed bug #70991 (zend_file_cache.c:710: error: array type has incomplete element type). (Laruence)
  • Fixed bug #70977 (Segmentation fault with opcache.huge_code_pages=1). (Laruence)
  • Phpdbg:
  • Fixed stderr being written to stdout. (Bob)
  • Reflection:
  • Fixed bug #71018 (ReflectionProperty::setValue() behavior changed). (Laruence)
  • Fixed bug #70982 (setStaticPropertyValue behaviors inconsistently with 5.6). (Laruence)
  • SPL:
  • Fixed bug #71028 (Undefined index with ArrayIterator). (Laruence)
  • SQLite3:
  • Fixed bug #71049 (SQLite3Stmt::execute() releases bound parameter instead of internal buffer). (Laruence)
  • Standard:
  • Fixed bug #70999 (php_random_bytes: called object is not a function). (Scott)
  • Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number of parameters). (Laruence)
  • Streams/Socket:
  • Add IPV6_V6ONLY constant / make it usable in stream contexts. (Bob)
  • Soap:
  • Fixed bug #70993 (Array key references break argument processing). (Laruence)
  • PDO_Firebird:
  • Fixed bug #60052 (Integer returned as a 64bit integer on X64_86). (Mariuz)

New in PHP 7.0.0 (December 4th, 2015)

  • Comes with a new version of the Zend Engine, numerous improvements and new features such as:
  • Improved performance: PHP 7 is up to twice as fast as PHP 5.6
  • Significantly reduced memory usage
  • Abstract Syntax Tree
  • Consistent 64-bit support
  • Improved Exception hierarchy
  • Many fatal errors converted to Exceptions
  • Secure random number generator
  • Removed old and unsupported SAPIs and extensions
  • The null coalescing operator (??)
  • Return and Scalar Type Declarations
  • Anonymous Classes
  • Zero cost asserts

New in PHP 5.6.16 (November 27th, 2015)

  • Core:
  • Fixed bug #70828 (php-fpm 5.6 with opcache crashes when referencing a non-existent constant).
  • Fixed bug #70748 (Segfault in ini_lex () at Zend/zend_ini_scanner.l).
  • Mysqlnd:
  • Fixed bug #68344 (MySQLi does not provide way to disable peer certificate validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT connection flag.
  • OCI8:
  • Fixed bug #68298 (OCI int overflow).
  • PDO_DBlib:
  • Fixed bug #69757 (Segmentation fault on nextRowset).
  • SOAP:
  • Fixed bug #70875 (Segmentation fault if wsdl has no targetNamespace attribute).
  • SPL:
  • Fixed bug #70852 (Segfault getting NULL offset of an ArrayObject).

New in PHP 7.0.0 RC 8 (November 25th, 2015)

  • Core:
  • Fixed bug #70947 (INI parser segfault with INI_SCANNER_TYPED). (Laruence)
  • Fixed bug #70914 (zend_throw_or_error() format string vulnerability). (Taoguang Chen)
  • Fixed bug #70912 (Null ptr dereference instantiating class with invalid array property). (Laruence)
  • Fixed bug #70895, #70898 (null ptr deref and segfault with crafted calable). (Anatol, Laruence)
  • OCI8:
  • Fixed memory leak with LOBs. (Senthil)
  • SOAP:
  • Fixed bug #70940 (Segfault in soap / type_to_string). (Remi)
  • Fixed bug #70900 (SoapClient systematic out of memory error). (Dmitry)
  • SPL:
  • Fixed bug #70959 (ArrayObject unserialize does not restore protected fields). (Laruence)
  • Standard:
  • Fixed count on symbol tables. (Laruence)
  • Fixed bug #70963 (Unserialize shows UNKNOWN in result). (Laruence)
  • Fixed bug #70910 (extract() breaks variable references). (Laruence)

New in PHP 5.6.16 RC1 (November 11th, 2015)

  • Core:
  • Fixed bug #70828 (php-fpm 5.6 with opcache crashes when referencing a non-existent constant). (Laruence)
  • Fixed bug #70748 (Segfault in ini_lex () at Zend/zend_ini_scanner.l). (Laruence)
  • OCI8:
  • Fixed bug #68298 (OCI int overflow) (Senthil).
  • PDO_DBlib:
  • Fixed bug #69757 (Segmentation fault on nextRowset). (miracle at rpz dot name)
  • SOAP:
  • Fixed bug #70875 (Segmentation fault if wsdl has no targetNamespace attribute). (Matteo)
  • SPL:
  • Fixed bug #70852 Segfault getting NULL offset of an ArrayObject. (Reeze Xia)

New in PHP 7.0.0 RC 7 (November 10th, 2015)

  • Core:
  • Fixed bug #70805 (Segmentation faults whilst running Drupal 8 test suite). (Dmitry, Laruence)
  • Fixed bug #70842 (Persistent Stream Segmentation Fault). (Caleb Champlin)
  • Fixed bug #70862 (Several functions do not check return code of php_stream_copy_to_mem()). (Anatol)
  • Fixed bug #70863 (Incorect logic to increment_function for proxy objects). (Anatol)
  • Fixed bug #70323 (Regression in zend_fetch_debug_backtrace() can cause segfaults). (Aharvey, Laruence)
  • Fixed bug #70873 (Regression on private static properties access). (Laruence)
  • OCI8:
  • Fixed bug #68298 (OCI int overflow) (Senthil).
  • Opcache:
  • Fixed bug #70656 (require() statement broken after opcache_reset() or a few hours of use). (Laruence)
  • Fixed bug #70843 (Segmentation fault on MacOSX with opcache.file_cache_only=1). (Laruence)
  • PDO:
  • Fix bug #70861 (Segmentation fault in pdo_parse_params() during Drupal 8 test suite). (Anatol)
  • Session:
  • Fixed bug #70876 (Segmentation fault when regenerating session id with strict mode). (Laruence)
  • SOAP:
  • Fixed bug #70875 (Segmentation fault if wsdl has no targetNamespace attribute). (Matteo)
  • SPL:
  • Fixed bug #70853 (SplFixedArray throws exception when using ref variable as index). (Laruence)
  • Fixed bug #70868 (PCRE JIT and pattern reuse segfault). (Laruence)
  • Standard:
  • Fixed bug #70808 (array_merge_recursive corrupts memory of unset items). (Laruence)
  • XSL:
  • Fixed bug #70678 (PHP7 returns true when false is expected). (Felipe)

New in PHP 5.6.15 (October 29th, 2015)

  • Core:
  • Fixed bug #70681 (Segfault when binding $this of internal instance method to null). (Nikita)
  • Fixed bug #70685 (Segfault for getClosure() internal method rebind with invalid $this). (Nikita)
  • Date:
  • Fixed bug #70619 (DateTimeImmutable segfault). (Laruence)
  • Mcrypt:
  • Fixed bug #70625 (mcrypt_encrypt() won't return data when no IV was specified under RC4). (Nikita)
  • Mysqlnd:
  • Fixed bug #70384 (mysqli_real_query():Unknown type 245 sent by the server).
  • (Andrey)
  • Fixed bug #70572 segfault in mysqlnd_connect. (Andrey, Remi)
  • Opcache:
  • Fixed bug #70632 (Third one of segfault in gc_remove_from_buffer). (Laruence)
  • Fixed bug #70631 (Another Segfault in gc_remove_from_buffer()). (Laruence)
  • Fixed bug #70601 (Segfault in gc_remove_from_buffer()). (Laruence)
  • Fixed compatibility with Windows 10 (see also bug #70652). (Anatol)

New in PHP 7.0.0 RC 6 (October 28th, 2015)

  • Core:
  • Fixed bug #70748 (Segfault in ini_lex () at Zend/zend_ini_scanner.l). (Laruence)
  • Fixed bug #70689 (Exception handler does not work as expected). (Laruence)
  • Fixed bug #70430 (Stack buffer overflow in zend_language_parser()). (Nikita)
  • Fixed bug #70782 (null ptr deref and segfault (zend_get_class_fetch_type)). (Nikita)
  • Fixed bug #70785 (Infinite loop due to exception during identical comparison). (Laruence)
  • Opcache:
  • Fixed bug #70724 (Undefined Symbols from opcache.so on Mac OS X 10.10). (Laruence)
  • PDO_DBlib:
  • Fixed bug #69757 (Segmentation fault on nextRowset). (miracle at rpz dot name)
  • SOAP:
  • Fixed bug #70715 (Segmentation fault inside soap client). (Laruence)
  • Fixed bug #70709 (SOAP Client generates Segfault). (Laruence)
  • SPL:
  • Fixed bug #70730 (Incorrect ArrayObject serialization if unset is called in serialize()). (Laruence)

New in PHP 7.0.0 RC 5 (October 13th, 2015)

  • Core:
  • Fixed bug #70630 (Closure::call/bind() crash with ReflectionFunction-> getClosure()). (Dmitry, Bob)
  • Fixed bug #70662 (Duplicate array key via undefined index error handler). (Nikita)
  • Fixed bug #70681 (Segfault when binding $this of internal instance method to null). (Nikita)
  • Fixed bug #70685 (Segfault for getClosure() internal method rebind with invalid $this). (Nikita)
  • Mcrypt:
  • Fixed bug #70625 (mcrypt_encrypt() won't return data when no IV was specified under RC4). (Nikita)
  • Opcache:
  • Fixed compatibility with Windows 10 (see also bug #70652). (Anatol)
  • Phpdbg:
  • Fixed bug #70614 (incorrect exit code in -rr mode with Exceptions). (Bob)
  • Reflection:
  • Fixed bug #70650 (Wrong docblock assignment). (Marcio)
  • Fixed bug #70674 (ReflectionFunction::getClosure() leaks memory when used for internal functions). (Dmitry, Bob)
  • Standard:
  • Fixed bug #70667 (strtr() causes invalid writes and a crashes). (Dmitry)
  • Fixed bug #70668 (array_keys() doesn't respect references when $strict is true). (Bob, Dmitry)

New in PHP 5.6.14 (October 2nd, 2015)

  • Core:
  • Fixed bug #70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when building extensions).
  • CLI server:
  • Fixed bug #68291 (404 on urls with '+').
  • DOM:
  • Fixed bug #70001 (Assigning to DOMNode::textContent does additional entity encoding).
  • Mysqlnd:
  • Fixed bug #70456 (mysqlnd doesn't activate TCP keep-alive when connecting to a server).
  • OpenSSL:
  • Fixed bug #55259 (openssl extension does not get the DH parameters from DH key resource).
  • Fixed bug #70395 (Missing ARG_INFO for openssl_seal()).
  • Fixed bug #60632 (openssl_seal fails with AES).
  • Fixed bug #68312 (Lookup for openssl.cnf causes a message box).
  • PDO:
  • Fixed bug #70389 (PDO constructor changes unrelated variables).
  • Phar:
  • Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()).
  • Fixed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip entry filename is "/").
  • Phpdbg:
  • Fix phpdbg_break_next() sometimes not breaking.
  • Standard:
  • Fixed bug #67131 (setcookie() conditional for empty values not met).
  • Streams:
  • Fixed bug #70361 (HTTP stream wrapper doesn't close keep-alive connections).
  • Zip:
  • Fixed bug #70322 (ZipArchive::close() doesn't indicate errors).

New in PHP 7.0.0 RC 3 (October 1st, 2015)

  • Core:
  • Fixed bug #70431 (Memory leak in php_ini.c).
  • Fixed bug #70478 (**= does no longer work).
  • CLI server:
  • Fixed bug #68291 (404 on urls with '+').
  • DOM:
  • Fixed bug #70001 (Assigning to DOMNode::textContent does additional entity encoding).
  • Intl:
  • Fixed bug #70453 (IntlChar::foldCase() incorrect arguments and missing constants).
  • Fixed bug #70454 (IntlChar::forDigit second parameter should be optional).
  • Mysqlnd:
  • Fixed bug #70456 (mysqlnd doesn't activate TCP keep-alive when connecting to a server).
  • Opcache:
  • Fixed bug #70423 (Warning Internal error: wrong size calculation).
  • OpenSSL:
  • Fixed bug #55259 (openssl extension does not get the DH parameters from DH key resource).
  • Fixed bug #70395 (Missing ARG_INFO for openssl_seal()).
  • Fixed bug #60632 (openssl_seal fails with AES).
  • Implemented FR #70438 (Add IV parameter for openssl_seal and openssl_open)
  • Phpdbg:
  • Fixed bug #70449 (PHP won't compile on 10.4 and 10.5 because of missing constants).
  • Session:
  • Fixed bug #70013 (Reference to $_SESSION is lost after a call to session_regenerate_id()).
  • Standard:
  • Implemented the RFC `Random Functions Throwing Exceptions in PHP 7`.
  • Fixed bug #70487 (pack('x') produces an error).
  • Streams:
  • Fixed bug #70361 (HTTP stream wrapper doesn't close keep-alive connections).
  • XMLReader:
  • Fixed bug #70309 (XmlReader read generates extra output).
  • Zip:
  • Fixed bug #70322 (ZipArchive::close() doesn't indicate errors).

New in PHP 5.6.13 (September 7th, 2015)

  • Core:
  • Fixed bug #69900 (Too long timeout on pipes).
  • Fixed bug #69487 (SAPI may truncate POST data).
  • Fixed bug #70198 (Checking liveness does not work as expected).
  • Fixed bug #70172 (Use After Free Vulnerability in unserialize()).
  • Fixed bug #70219 (Use after free vulnerability in session deserializer).
  • CLI server:
  • Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).
  • Fixed bug #70264 (CLI server directory traversal).
  • Date:
  • Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional).
  • Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).
  • EXIF:
  • Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
  • hash:
  • Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
  • MCrypt:
  • Fixed bug #69833 (mcrypt fd caching not working).
  • Opcache:
  • Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled).
  • PCRE:
  • Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match).
  • Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
  • SOAP:
  • Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
  • SPL:
  • Fixed bug #70290 (Null pointer deref (segfault) in spl_autoload via ob_start).
  • Fixed bug #70303 (Incorrect constructor reflection for ArrayObject).
  • Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).
  • Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).
  • Standard:
  • Fixed bug #70052 (getimagesize() fails for very large and very small WBMP).
  • Fixed bug #70157 (parse_ini_string() segmentation fault with INI_SCANNER_TYPED).
  • XSLT:
  • Fixed bug #69782 (NULL pointer dereference).
  • ZIP:
  • Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories).

New in PHP 7.0.0 RC 2 (September 4th, 2015)

  • Core:
  • Fixed bug #70398 (SIGSEGV, Segmentation fault zend_ast_destroy_ex). (Dmitry, Bob, Laruence)
  • Fixed bug #70332 (Wrong behavior while returning reference on object). (Laruence, Dmitry)
  • Fixed bug #70300 (Syntactical inconsistency with new group use syntax). (marcio dot web2 at gmail dot com)
  • Fixed bug #70321 (Magic getter breaks reference to array property). (Laruence)
  • Fixed bug #70187 (Notice: unserialize(): Unexpected end of serialized data) (Dmitry)
  • Fixed bug #70145 (From field incorrectly parsed from headers). (Anatol)
  • Fixed bug #70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when building extensions). (Adam)
  • Fixed bug causing exception traces with anon classes to be truncated. (Bob)
  • Fixed bug #70397 (Segmentation fault when using Closure::call and yield). (Bob)
  • Curl:
  • Fixed bug #70330 (Segmentation Fault with multiple "curl_copy_handle"). (Laruence)
  • EXIF:
  • Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes). (Stas)
  • hash:
  • Fixed bug #70312 (HAVAL gives wrong hashes in specific cases). (letsgolee at naver dot com)
  • Mysqli:
  • Fixed bug #32490 (constructor of mysqli has wrong name). (cmb)
  • Pcntl:
  • Fixed bug #70386 (Can't compile on NetBSD because of missing WCONTINUED and WIFCONTINUED). (Matteo)
  • PCRE:
  • Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match). (cmb)
  • Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions). (Anatol Belski)
  • PDO:
  • Fixed bug #70389 (PDO constructor changes unrelated variables). (Laruence)
  • PDO_OCI:
  • Fixed bug #70308 (PDO::ATTR_PREFETCH is ignored). (Chris Jones)
  • SOAP:
  • Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE). (Stas)
  • SPL:
  • Fixed bug #70303 (Incorrect constructor reflection for ArrayObject). (cmb)
  • Standard:
  • Fixed bug #70342 (changing configuration with ignore_user_abort(true) isn't working). (Laruence)
  • Fixed bug #70295 (Segmentation fault with setrawcookie). (Bob)
  • Fixed bug #67131 (setcookie() conditional for empty values not met). (cmb)
  • Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com)
  • Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com)
  • Reflection:
  • Fixed bug causing bogus traces for ReflectionGenerator::getTrace(). (Bob)
  • XSLT:
  • Fixed bug #69782 (NULL pointer dereference). (Stas)
  • ZIP:
  • Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories). (neal at fb dot com)

New in PHP 7.0.0 RC 1 (August 18th, 2015)

  • Core:
  • Fixed bug #70288 (Apache crash related to ZEND_SEND_REF). (Laruence)
  • Fixed bug #70262 (Accessing array crashes PHP 7.0beta3). (Laruence, Dmitry)
  • Fixed bug #70258 (Segfault if do_resize fails to allocated memory). (Laruence)
  • Fixed bug #70253 (segfault at _efree () in zend_alloc.c:1389). (Laruence)
  • Fixed bug #70240 (Segfault when doing unset($var());). (Laruence)
  • Fixed bug #70223 (Incrementing value returned by magic getter). (Laruence)
  • Fixed bug #70215 (Segfault when __invoke is static). (Bob)
  • Fixed bug #70207 (Finally is broken with opcache). (Laruence, Dmitry)
  • Fixed bug #70173 (ZVAL_COPY_VALUE_EX broken for 32bit Solaris Sparc). (Laruence, cmb)
  • Fixed bug #69487 (SAPI may truncate POST data). (cmb)
  • Fixed bug #70198 (Checking liveness does not work as expected). (Shafreeck Sea, Anatol Belski)
  • Fixed bug #70241/#70293 (Skipped assertions affect Generator returns). (Bob)
  • Fixed bug #70239 (Creating a huge array doesn't result in exhausted, but segfault). (Laruence, Anatol)
  • CLI server:
  • Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE). (wusuopu, cmb)
  • Fixed bug #70264 (CLI server directory traversal). (cmb)
  • Date:
  • Fixed bug #70245 (strtotime does not emit warning when 2nd parameter is object or string). (cmb)
  • Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional). (cmb)
  • Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte). (cmb)
  • MCrypt:
  • Fixed bug #69833 (mcrypt fd caching not working). (Anatol)
  • Opcache:
  • Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled). (Dmitry, Laruence)
  • PCRE:
  • Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match). (cmb)
  • PDO:
  • Fixed bug #70272 (Segfault in pdo_mysql). (Laruence)
  • Fixed bug #70221 (persistent sqlite connection + custom function segfaults). (Laruence)
  • Phpdbg:
  • Fixed bug #70214 (FASYNC not defined, needs sys/file.h include). (Bob)
  • Standard:
  • Fixed bug #70250 (extract() turns array elements to references). (Laruence)
  • Fixed bug #70211 (php 7 ZEND_HASH_IF_FULL_DO_RESIZE use after free). (Laruence)
  • Fixed bug #70208 (Assert breaking access on objects). (Bob)

New in PHP 5.6.12 (August 7th, 2015)

  • Core:
  • Fixed bug #70012 (Exception lost with nested finally block). (Laruence)
  • Fixed bug #70002 (TS issues with temporary dir handling). (Anatol)
  • Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls). (Stas)
  • Fixed bug #69892 (Different arrays compare indentical due to integer key truncation). (Nikita)
  • Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref). (Stas)
  • CLI server:
  • Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL). (cmb)
  • Fixed bug #64878 (304 responses return Content-Type header). (cmb)
  • GD:
  • Fixed bug #53156 (imagerectangle problem with point ordering). (cmb)
  • Fixed bug #66387 (Stack overflow with imagefilltoborder). (cmb)
  • Fixed bug #70102 (imagecreatefromwebm() shifts colors). (cmb)
  • Fixed bug #66590 (imagewebp() doesn't pad to even length). (cmb)
  • Fixed bug #66882 (imagerotate by -90 degrees truncates image by 1px). (cmb)
  • Fixed bug #70064 (imagescale(..., IMG_BICUBIC) leaks memory). (cmb)
  • Fixed bug #69024 (imagescale segfault with palette based image). (cmb)
  • Fixed bug #53154 (Zero-height rectangle has whiskers). (cmb)
  • Fixed bug #67447 (imagecrop() add a black line when cropping). (cmb)
  • Fixed bug #68714 (copy 'n paste error). (cmb)
  • Fixed bug #66339 (PHP segfaults in imagexbm). (cmb)
  • Fixed bug #70047 (gd_info() doesn't report WebP support). (cmb)
  • ODBC:
  • Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns). (cmb)
  • OpenSSL:
  • Fixed bug #69882 (OpenSSL error “key values mismatch” after openssl_pkcs12_read with extra cert) (Tomasz Sawicki)
  • Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure). (Stas)
  • Phar:
  • Improved fix for bug #69441. (Anatol Belski)
  • Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory). (Anatol Belski)
  • SOAP:
  • Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions). (Stas)
  • SPL:
  • Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items). (sean.heelan)
  • Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject). (taoguangchen at icloud dot com)
  • Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com)
  • Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com)
  • Standard:
  • Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes). (cmb)

New in PHP 5.6.12 RC 1 (August 6th, 2015)

  • Core:
  • Fixed bug #70012 (Exception lost with nested finally block). (Laruence)
  • CLI server:
  • Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL). (cmb)
  • Fixed bug #64878 (304 responses return Content-Type header). (cmb)
  • GD:
  • Fixed bug #53156 (imagerectangle problem with point ordering). (cmb)
  • Fixed bug #66387 (Stack overflow with imagefilltoborder). (cmb)
  • Fixed bug #70102 (imagecreatefromwebm() shifts colors). (cmb)
  • Fixed bug #66590 (imagewebp() doesn't pad to even length). (cmb)
  • Fixed bug #66882 (imagerotate by -90 degrees truncates image by 1px). (cmb)
  • Fixed bug #70064 (imagescale(..., IMG_BICUBIC) leaks memory). (cmb)
  • Fixed bug #69024 (imagescale segfault with palette based image). (cmb)
  • Fixed bug #53154 (Zero-height rectangle has whiskers). (cmb)
  • Fixed bug #67447 (imagecrop() add a black line when cropping). (cmb)
  • Fixed bug #68714 (copy 'n paste error). (cmb)
  • Fixed bug #66339 (PHP segfaults in imagexbm). (cmb)
  • Fixed bug #70047 (gd_info() doesn't report WebP support). (cmb)
  • ODBC:
  • Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns). (cmb)
  • OpenSSL:
  • Fixed bug #69882 (OpenSSL error “key values mismatch” after openssl_pkcs12_read with extra cert) (Tomasz Sawicki)
  • Standard:
  • Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes). (cmb)

New in PHP 7.0.0 Beta 3 (August 6th, 2015)

  • Core:
  • Fixed "finally" issues. (Nikita, Dmitry)
  • Fixed bug #70098 (Real memory usage doesn't decrease). (Dmitry)
  • Fixed bug #70159 (__CLASS__ is lost in closures). (Julien)
  • Fixed bug #70156 (Segfault in zend_find_alias_name). (Laruence)
  • Fixed bug #70124 (null ptr deref / seg fault in ZEND_HANDLE_EXCEPTION). (Laruence)
  • Fixed bug #70117 (Unexpected return type error). (Laruence)
  • Fixed bug #70106 (Inheritance by anonymous class). (Bob)
  • Fixed bug #69674 (SIGSEGV array.c:953). (cmb)
  • Fixed bug #70164 (__COMPILER_HALT_OFFSET__ under namespace is not defined). (Bob)
  • Fixed bug #70108 (sometimes empty $_SERVER['QUERY_STRING']). (Anatol)
  • Fixed bug #70179 ($this refcount issue). (Bob)
  • Fixed bug #69896 ('asm' operand has impossible constraints). (Anatol)
  • Fixed bug #70183 (null pointer deref (segfault) in zend_eval_const_expr). (Hugh Davenport)
  • Fixed bug #70182 (Segfault in ZEND_ASSIGN_DIV_SPEC_CV_UNUSED_HANDLER). (Hugh Davenport)
  • Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls). (Stas)
  • Fixed bug #69892 (Different arrays compare indentical due to integer key truncation). (Nikita)
  • Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref). (Stas)
  • Curl:
  • Fixed bug #70163 (curl_setopt_array() type confusion). (Laruence)
  • IMAP:
  • Fixed bug #70158 (Building with static imap fails). (cmb)
  • Fixed bug #69998 (curl multi leaking memory). (Pierrick)
  • Opcache:
  • Fixed bug #70111 (Segfault when a function uses both an explicit return type and an explicit cast). (Laruence)
  • OpenSSL:
  • Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure). (Stas)
  • Phar:
  • Improved fix for bug #69441. (Anatol Belski)
  • Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory). (Anatol Belski)
  • Phpdbg:
  • Fixed bug #70138 (Segfault when displaying memory leaks). (Bob)
  • SOAP:
  • Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions). (Stas)
  • SPL:
  • Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items). (sean.heelan)
  • Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject). (taoguangchen at icloud dot com)
  • Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage). (taoguangchen at icloud dot com)
  • Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList). (taoguangchen at icloud dot com)
  • Standard:
  • Fixed bug #70140 (str_ireplace/php_string_tolower Arbitrary Code
  • Implemented #70112 (Allow "dirname" to go up various times). (Remi) Execution). (Laruence)
  • Fixed bug #36365 (scandir duplicates file name at every 65535th file). (cmb)

New in PHP 5.6.11 (July 10th, 2015)

  • Core:
  • Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
  • Fixed bug #69703 (Use __builtin_clzl on PowerPC). (dja at axtens dot net, Kalle)
  • Fixed bug #69732 (can induce segmentation fault with basic php code). (Dmitry)
  • Fixed bug #69642 (Windows 10 reported as Windows 8). (Christian Wenz, Anatol Belski)
  • Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation fault). (Christoph M. Becker)
  • Fixed bug #69781 (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business"). (Christian Wenz)
  • Fixed bug #69740 (finally in generator (yield) swallows exception in iteration). (Nikita)
  • Fixed bug #69835 (phpinfo() does not report many Windows SKUs). (Christian Wenz)
  • Fixed bug #69892 (Different arrays compare indentical due to integer key truncation). (Nikita)
  • Fixed bug #69874 (Can't set empty additional_headers for mail()), regression from fix to bug #68776. (Yasuo)
  • GD:
  • Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)
  • GMP:
  • Fixed bug #69803 (gmp_random_range() modifies second parameter if GMP number). (Nikita)
  • PCRE:
  • Fixed Bug #53823 (preg_replace: * qualifier on unicode replace garbles the string). (cmb)
  • Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)
  • PDO_pgsql:
  • Fixed bug #69752 (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u). (Philip Hofstetter)
  • Fixed bug #69362 (PDO-pgsql fails to connect if password contains a leading single quote). (Matteo)
  • Fixed bug #69344 (PDO PgSQL Incorrect binding numeric array with gaps). (Matteo)
  • SimpleXML:
  • Refactored the fix for bug #66084 (simplexml_load_string() mangles empty node name). (Christoph Michael Becker)
  • SPL:
  • Fixed bug #69737 (Segfault when SplMinHeap::compare produces fatal error). (Stas)
  • Fixed bug #67805 (SplFileObject setMaxLineLength). (Willian Gustavo Veiga).
  • Fixed bug #69970 (Use-after-free vulnerability in spl_recursive_it_move_forward_ex()). (Laruence)
  • Sqlite3:
  • Fixed bug #69972 (Use-after-free vulnerability in sqlite3SafetyCheckSickOrOk()). (Laruence)

New in PHP 7.0.0 Beta 1 (July 8th, 2015)

  • Core:
  • Fixed bug #70006 (cli function with default arg = STDOUT crash output). (Laruence)
  • Fixed bug #69521 (Segfault in gc_collect_cycles()). (arjen at react dot com, Laruence)
  • Improved zend_string API (Francois Laupretre)
  • Fixed bug #69955 (Segfault when trying to combine [] and assign-op on ArrayAccess object). (Laruence)
  • Fixed bug #69957 (Different ways of handling div/mod/intdiv). (Bob)
  • Fixed bug #69900 (Too long timeout on pipes). (Anatol)
  • Fixed bug #62210 (Exceptions can leak temporary variables. As a part of the fix serious refactoring was done. op_array->brk_cont_array was removed, and replaced with more general and speed efficient op_array->T_liveliness. ZEND_GOTO opcode is always replaced by ZEND_JMP at compile time). (Bob, Dmitry, Laruence)
  • CLI server:
  • Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL). (cmb)
  • Fixed bug #64878 (304 responses return Content-Type header). (cmb)
  • COM:
  • Fixed bug #69939 (Casting object to bool returns false). (Kalle)
  • JSON:
  • Fixed bug #62010 (json_decode produces invalid byte-sequences). (Jakub Zelenka)
  • OCI8:
  • Corrected oci8 hash destructors to prevent segfaults, and a few other fixes. (Cameron Porter)
  • ODBC:
  • Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns). (cmb)
  • OpenSSL:
  • Fixed bug #69882 (OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra cert) (Tomasz Sawicki)
  • PCRE:
  • Fixed bug #53823 (preg_replace: * qualifier on unicode replace garbles the string). (cmb)
  • Session:
  • Fixed bug #69952 (Data integrity issues accessing superglobals by reference). (Bob)
  • SPL:
  • Fixed bug #69970 (Use-after-free vulnerability in spl_recursive_it_move_forward_ex()). (Laruence)
  • Standard:
  • Fixed bug #69983 (get_browser fails with user agent of null). (Kalle, cmb, Laruence)
  • Fixed bug #69976 (Unable to parse "all" urls with colon char). (cmb)
  • Fixed bug #69768 (escapeshell*() doesn't cater to !). (cmb)
  • Sqlite3:
  • Fixed bug #69972 (Use-after-free vulnerability in sqlite3SafetyCheckSickOrOk()). (Laruence)

New in PHP 7.0.0 Alpha 2 (June 24th, 2015)

  • Core:
  • Fixed bug #69872 (uninitialised value in strtr with array). (Laruence)
  • Fixed bug #69868 (Invalid read of size 1 in zend_compile_short_circuiting). (Laruence)
  • Fixed bug #69849 (Broken output of apache_request_headers). (Kalle)
  • Fixed bug #69840 (iconv_substr() doesn't work with UTF-16BE). (Kalle)
  • Fixed bug #69823 (PHP 7.0.0alpha1 segmentation fault when exactly 33 extensions are loaded). (Laruence)
  • Fixed bug #69805 (null ptr deref and seg fault in zend_resolve_class_name). (Laruence)
  • Fixed bug #69802 (Reflection on Closure::__invoke borks type hint class name). (Dmitry)
  • Fixed bug #69761 (Serialization of anonymous classes should be prevented). (Laruence)
  • Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation fault). (Christoph M. Becker)
  • Fixed bug #69781 (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business"). (Christian Wenz)
  • Fixed bug #69835 (phpinfo() does not report many Windows SKUs). (Christian Wenz)
  • Fixed bug #69889 (Null coalesce operator doesn't work for string offsets). (Nikita)
  • Fixed bug #69891 (Unexpected array comparison result). (Nikita)
  • Fixed bug #69892 (Different arrays compare indentical due to integer key truncation). (Nikita)
  • Fixed bug #69893 (Strict comparison between integer and empty string keys crashes). (Nikita)
  • DOM:
  • Fixed bug #69846 (Segmenation fault (access violation) when iterating over DOMNodeList). (Anatol Belski)
  • GD:
  • Fixed bug #61221 (imagegammacorrect function loses alpha channel). (cmb)
  • mysqlnd:
  • Fixed Bug #69796 (mysqli_stmt::fetch doesn't assign null values to bound variables). (Laruence)
  • Curl:
  • Fixed bug #69831 (Segmentation fault in curl_getinfo). (im dot denisenko at yahoo dot com)
  • Opcache:
  • Removed opcache.load_comments configuration directive. Now doc comments loading costs nothing and always enabled. (Dmitry)
  • Fixed bug #69838 (Wrong size calculation for function table). (Anatol)
  • PCRE:
  • Fixed bug #69864 (Segfault in preg_replace_callback) (cmb, ab)
  • PDO_pgsql:
  • Fixed bug #69752 (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u). (Philip Hofstetter)
  • SPL:
  • Fixed bug #69845 (ArrayObject with ARRAY_AS_PROPS broken). (Dmitry)
  • SQLite3:
  • Fixed bug #69897 (segfault when manually constructing SQLite3Result). (Kalle)
  • Standard:
  • Fixed bug #62922 (Truncating entire string should result in string). (Nikita)

New in PHP 5.6.10 (June 12th, 2015)

  • Core:
  • Fixed bug #66048 (temp. directory is cached during multiple requests).
  • Fixed bug #69566 (Conditional jump or move depends on uninitialised value in extension trait).
  • Fixed bug #69599 (Strange generator+exception+variadic crash).
  • Fixed bug #69628 (complex GLOB_BRACE fails on Windows).
  • Fixed POST data processing slowdown due to small input buffer size on Windows.
  • Fixed bug #69646 (OS command injection vulnerability in escapeshellarg).
  • Fixed bug #69719 (Incorrect handling of paths with NULs).
  • FTP:
  • Improved fix for bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow).
  • GD:
  • Fixed bug #69479 (GD fails to build with newer libvpx).
  • Iconv:
  • Fixed bug #48147 (iconv with //IGNORE cuts the string).
  • Litespeed SAPI:
  • Fixed bug #68812 (Unchecked return value).
  • Mail:
  • Fixed bug #68776 (mail() does not have mail header injection prevention for additional headers).
  • MCrypt:
  • Added file descriptor caching to mcrypt_create_iv() (Leigh)
  • Opcache:
  • Fixed bug #69549 (Memory leak with opcache.optimization_level=0xFFFFFFFF).
  • PCRE:
  • Upgraded pcrelib to 8.37. (CVE-2015-2325, CVE-2015-2326)
  • Phar:
  • Fixed bug #69680 (phar symlink in binary directory broken).
  • Postgres:
  • Fixed bug #69667 (segfault in php_pgsql_meta_data).
  • Sqlite3:
  • Upgrade bundled sqlite to 3.8.10.2. (CVE-2015-3414, CVE-2015-3415, CVE-2015-3416)

New in PHP 7.0.0 Alpha 1 (June 11th, 2015)

  • Core:
  • Fixed bug #69767 (Default parameter value with wrong type segfaults). (cmb, Laruence)
  • Fixed bug #69756 (Fatal error: Nesting level too deep recursive dependency ? with ===). (Dmitry, Laruence)
  • Fixed bug #69758 (Item added to array not being removed by array_pop/shift ). (Laruence)
  • Fixed bug #68475 (Add support for $callable() sytnax with 'Class::method'). (Julien, Aaron Piotrowski)
  • Fixed bug #69485 (Double free on zend_list_dtor). (Laruence)
  • Fixed bug #69427 (Segfault on magic method __call of private method in superclass). (Laruence)
  • Improved __call() and __callStatic() magic method handling. Now they are called in a stackless way using ZEND_CALL_TRAMPOLINE opcode, without additional stack frame. (Laruence, Dmitry)
  • Optimized strings concatenation. (Dmitry, Laruence)
  • Fixed weird operators behavior. Division by zero now emits warning and returns +/-INF, modulo by zero and intdid() throws an exception, shifts by negative offset throw exceptions. Compile-time evaluation of division by zero is disabled. (Dmitry, Andrea, Nikita)
  • Fixed bug #69371 (Hash table collision leads to inaccessible array keys). (Laruence)
  • Fixed bug #68933 (Invalid read of size 8 in zend_std_read_property). (Laruence, arjen at react dot com)
  • Fixed bug #68252 (segfault in Zend/zend_hash.c in function _zend_hash_del_el). (Laruence)
  • Fixed bug #65598 (Closure executed via static autoload incorrectly marked as static). (Nikita)
  • Fixed bug #66811 (Cannot access static::class in lambda, writen outside of a class). (Nikita)
  • Fixed bug #69568 (call a private function in closure failed). (Nikita)
  • Added PHP_INT_MIN constant. (Andrea)
  • Added Closure::call() method. (Andrea)
  • Fixed bug #67959 (Segfault when calling phpversion('spl')). (Florian)
  • Implemented the RFC `Catchable "Call to a member function bar() on a non-object"`. (Timm)
  • Added options parameter for unserialize allowing to specify acceptable classes (http://wiki.php.net/rfc/secure_unserialize). (Stas)
  • Fixed bug #63734 (Garbage collector can free zvals that are still referenced). (Dmitry)
  • Removed ZEND_ACC_FINAL_CLASS, promoting ZEND_ACC_FINAL as final class modifier. (Guilherme Blanco)
  • is_long() & is_integer() is now an alias of is_int(). (Kalle)
  • Implemented FR #55467 (phpinfo: PHP Variables with $ and single quotes). (Kalle)
  • Added ?? operator. (Andrea)
  • Added operator. (Andrea)
  • Added \u{xxxxx} Unicode Codepoint Escape Syntax. (Andrea)
  • Fixed oversight where define() did not support arrays yet const syntax did. (Andrea, Dmitry)
  • Use "integer" and "float" instead of "long" and "double" in ZPP, type hint and conversion error messages. (Andrea)
  • Implemented FR #55428 (E_RECOVERABLE_ERROR when output buffering in output buffering handler). (Kalle)
  • Removed scoped calls of non-static methods from an incompatible $this context. (Nikita)
  • Removed support for #-style comments in ini files. (Nikita)
  • Removed support for assigning the result of new by reference. (Nikita)
  • Invalid octal literals in source code now produce compile errors, fixes PHPSadness #31. (Andrea)
  • Removed dl() function on fpm-fcgi. (Nikita)
  • Removed support for hexadecimal numeric strings. (Nikita)
  • Removed obsolete extensions and SAPIs. See the full list in UPGRADING. (Anatol)
  • Added NULL byte protection to exec, system and passthru. (Yasuo)
  • Added error_clear_last() function. (Reeze Xia)
  • Fixed bug #68797 (Number 2.2250738585072012e-308 converted incorrectly). (Anatol)
  • Improved zend_qsort(using hybrid sorting algo) for better performance, and also renamed zend_qsort to zend_sort. (Laruence)
  • Added stable sorting algo zend_insert_sort. (Laruence)
  • Implemented the RFC `Scalar Type Decalarations v0.5`. (Anthony)
  • Implemented the RFC `Group Use Declarations`. (Marcio)
  • Implemented the RFC `Continue Output Buffering`. (Mike)
  • Implemented the RFC `Constructor behaviour of internal classes`. (Dan, Dmitry)
  • Implemented the RFC `Fix "foreach" behavior`. (Dmitry)
  • Implemented the RFC `Generator Delegation`. (Bob)
  • Implemented the RFC `Anonymous Class Support`. (Joe, Nikita, Dmitry)
  • Implemented the RFC `Context Sensitive Lexer`. (Marcio Almada)
  • Fixed bug #69511 (Off-by-one buffer overflow in php_sys_readlink). (Jan Starke, Anatol)
  • CLI server:
  • Refactor MIME type handling to use a hash table instead of linear search. (Adam)
  • Update the MIME type list from the one shipped by Apache HTTPD. (Adam)
  • Added support for SEARCH WebDav method. (Mats Lindh)
  • Curl:
  • Fixed bug #68937 (Segfault in curl_multi_exec). (Laruence)
  • Removed support for unsafe file uploads. (Nikita)
  • Date:
  • Fixed day_of_week function as it could sometimes return negative values internally. (Derick)
  • Removed $is_dst parameter from mktime() and gmmktime(). (Nikita)
  • Removed date.timezone warning (http://wiki.php.net/rfc/date.timezone_warning_removal). (Bob)
  • Added "v" DateTime format modifier to get the 3-digit version of fraction of seconds. (Mariano Iglesias)
  • Implemented FR #69089: Added DateTime::RFC3339_EXTENDED to output in RFC3339 Extended format which includes fraction of seconds (Mariano Iglesias)
  • DBA:
  • Fixed bug #62490 (dba_delete returns true on missing item (inifile)). (Mike)
  • Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
  • DOM:
  • Made DOMNode::textContent writeable. (Tjerk)
  • GD:
  • Made fontFetch's path parser thread-safe. (Sara)
  • Removed T1Lib support. (Kalle)
  • Fileinfo:
  • Fixed bug #66242 (libmagic: don't assume char is signed). (ArdB)
  • Filter:
  • New FILTER_VALIDATE_DOMAIN and better RFC conformance for FILTER_VALIDATE_URL. (Kevin Dunglas)
  • FPM:
  • Fixed bug #68945 (Unknown admin values segfault pools). (Laruence)
  • Fixed bug #65933 (Cannot specify config lines longer than 1024 bytes). (Chris Wright)
  • Implement request #67106 (Split main fpm config). (Elan Ruusamäe, Remi)
  • FTP:
  • Fixed bug #69082 (FTPS support on Windows). (Anatol)
  • Intl:
  • Removed deprecated aliases datefmt_set_timezone_id() and IntlDateFormatter::setTimeZoneID(). (Nikita)
  • JSON:
  • Replace non-free JSON parser with a parser from Jsond extension, fixes #63520 (JSON extension includes a problematic license statement). (Jakub Zelenka)
  • Fixed bug #68938 (json_decode() decodes empty string without error). (jeremy at bat-country dot us)
  • LDAP:
  • Fixed bug #47222 (Implement LDAP_OPT_DIAGNOSTIC_MESSAGE). (Andreas Heigl)
  • LiteSpeed:
  • Updated LiteSpeed SAPI code from V5.5 to V6.6. (George Wang)
  • libxml:
  • Fixed handling of big lines in error messages with libxml >= 2.9.0. (Christoph M. Becker)
  • Mcrypt:
  • Fixed possible read after end of buffer and use after free. (Dmitry)
  • Removed mcrypt_generic_end() alias. (Nikita)
  • Removed mcrypt_ecb(), mcrypt_cbc(), mcrypt_cfb(), mcrypt_ofb(). (Nikita)
  • Opcache:
  • Fixed bug #69688 (segfault with eval and opcache fast shutdown). (Laruence)
  • Added experimental (disabled by default) file based opcode cache. (Dmitry, Laruence, Anatol)
  • Fixed bug with try blocks being removed when extended_info opcode generation is turned on. (Laruence)
  • Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8 + Opcache). (Laruence)
  • OpenSSL:
  • Added "alpn_protocols" SSL context option allowing encrypted client/server streams to negotiate alternative protocols using the ALPN TLS extension when built against OpenSSL 1.0.2 or newer. Negotiated protocol information is accessible through stream_get_meta_data() output.
  • Removed "CN_match" and "SNI_server_name" SSL context options. Use automatic detection or the "peer_name" option instead. (Nikita)
  • pcntl:
  • Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler when setting SIG_DFL). (Julien)
  • Added wifcontinued and wcontinued. (xilon-jul)
  • Added rusage support to pcntl_wait() and pcntl_waitpid(). (Anton Stepanenko, Tony)
  • PCRE:
  • Removed support for the /e (PREG_REPLACE_EVAL) modifier. (Nikita)
  • PDO:
  • Fixed bug #59450 (./configure fails with "Cannot find php_pdo_driver.h"). (maxime dot besson at smile dot fr)
  • PDO_mysql:
  • Fixed bug #68424 (Add new PDO mysql connection attr to control multi statements option). (peter dot wolanin at acquia dot com)
  • PDO_pgsql:
  • Removed PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT attribute in favor of ATTR_EMULATE_PREPARES). (Nikita)
  • Reflection
  • Fixed inheritance chain of Reflector interface. (Tjerk)
  • Added ReflectionGenerator class. (Bob)
  • Added reflection support for return types and type declarations. (Sara, Matteo)
  • Session:
  • Fixed bug #67694 (Regression in session_regenerate_id()). (Tjerk)
  • Fixed bug #68941 (mod_files.sh is a bash-script). (bugzilla at ii.nl, Yasuo)
  • SOAP:
  • Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes). (Laruence)
  • SPL:
  • Changed ArrayIterator implementation using zend_hash_iterator_... API. Allowed modification of iterated ArrayObject using the same behavior as proposed in `Fix "foreach" behavior`. Removed "Array was modified outside object and internal position is no longer valid" hack. (Dmitry)
  • Implemented #67886 (SplPriorityQueue/SplHeap doesn't expose extractFlags nor curruption state). (Julien)
  • Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME breaks the RecursiveIterator). (Paul Garvin)
  • Sqlite3:
  • Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args). (Julien)
  • Standard:
  • Fixed bug #69723 (Passing parameters by reference and array_column). (Laruence)
  • Fixed bug #69523 (Cookie name cannot be empty). (Christoph M. Becker)
  • Fixed bug #69325 (php_copy_file_ex does not pass the argument). (imbolk at gmail dot com)
  • Fixed bug #69299 (Regression in array_filter's $flag argument in PHP 7). (Laruence)
  • Removed call_user_method() and call_user_method_array() functions. (Kalle)
  • Fixed user session handlers (See rfc:session.user.return-value). (Sara)
  • Added intdiv() function. (Andrea)
  • Improved precision of log() function for base 2 and 10. (Marc Bennewitz)
  • Remove string category support in setlocale(). (Nikita)
  • Remove set_magic_quotes_runtime() and its alias magic_quotes_runtime(). (Nikita)
  • Fixed bug #65272 (flock() out parameter not set correctly in windows). (Daniel Lowrey)
  • Added preg_replace_callback_array function. (Wei Dai)
  • Deprecated salt option to password_hash. (Anthony)
  • Fixed bug #69686 (password_verify reports back error on PHP7 will null string). (Anthony)
  • Added Windows support for getrusage(). (Kalle)
  • Removed hardcoded limit on number of pipes in proc_open(). (Tony)
  • Streams:
  • Fixed bug #68532 (convert.base64-encode omits padding bytes). (blaesius at krumedia dot de)
  • Removed set_socket_blocking() in favor of its alias stream_set_blocking(). (Nikita)
  • XSL:
  • Fixed bug #64776 (The XSLT extension is not thread safe). (Mike)
  • Removed xsl.security_prefs ini option. (Nikita)
  • Zlib:
  • Added deflate_init(), deflate_add(), inflate_init(), inflate_add() functions allowing incremental/streaming compression/decompression. (Daniel Lowrey & Bob Weinand)
  • Zip:
  • Added ZipArchive::setCompressionName and ZipArchive::setCompressionIndex methods (Remi, Cedric Delmas)
  • Update bundled libzip to 1.0.1 (Remi, Anatol)
  • Fixed bug #67161. (ZipArchive::getStream() returns NULL for certain file) (Christoph M. Becker)

New in PHP 5.6.10 RC 1 (May 28th, 2015)

  • Core:
  • Fixed bug #66048 (temp. directory is cached during multiple requests). (Julien)
  • Fixed bug #69566 (Conditional jump or move depends on uninitialised value in extension trait). (jbboehr at gmail dot com)
  • Fixed bug #69599 (Strange generator+exception+variadic crash). (Nikita)
  • Fixed bug #69628 (complex GLOB_BRACE fails on Windows). (Christoph M. Becker)
  • Fixed POST data processing slowdown due to small input buffer size on Windows. (Jorge Oliveira, Anatol)
  • GD:
  • Fixed bug #69479 (GD fails to build with newer libvpx). (Remi)
  • Iconv:
  • Fixed bug #48147 (iconv with //IGNORE cuts the string). (Stas)
  • MCrypt:
  • Added file descriptor caching to mcrypt_create_iv() (Leigh)
  • Phar:
  • Fixed bug #69680 (phar symlink in binary directory broken). (Matteo Bernardini, Remi)
  • Postgres:
  • Fixed bug #69667 (segfault in php_pgsql_meta_data). (Remi)

New in PHP 5.6.9 (May 14th, 2015)

  • Core:
  • Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence)
  • Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
  • Fixed bug #60022 ("use statement [...] has no effect" depends on leading backslash). (Nikita)
  • Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry)
  • Fixed bug #68652 (segmentation fault in destructor). (Dmitry)
  • Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita)
  • Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke)
  • Fixed bug #69364 (PHP Multipart/form-data remote dos Vulnerability). (Stas)
  • Fixed bug #69403 (str_repeat() sign mismatch based memory corruption). (Stas)
  • Fixed bug #69418 (CVE-2006-7243 fix regressions in 5.4+). (Stas)
  • Fixed bug #69522 (heap buffer overflow in unpack()). (Stas)
  • FTP:
  • Fixed bug #69545 (Integer overflow in ftp_genlist() resulting in heap overflow). (Stas)
  • ODBC:
  • Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0). (Anatol)
  • Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result). (Anatol)
  • Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall, Anatol Belski)
  • OpenSSL:
  • Fixed bug #69402 (Reading empty SSL stream hangs until timeout). (Daniel Lowrey)
  • PCNTL:
  • Fixed bug #68598 (pcntl_exec() should not allow null char). (Stas)
  • PCRE:
  • Upgraded pcrelib to 8.37.
  • Phar:
  • Fixed bug #69453 (Memory Corruption in phar_parse_tarfile when entry filename starts with null). (Stas)

New in PHP 5.6.9 RC 1 (April 30th, 2015)

  • Core:
  • Fixed bug #69467 (Wrong checked for the interface by using Trait). (Laruence)
  • Fixed bug #69420 (Invalid read in zend_std_get_method). (Laruence)
  • Fixed bug #60022 ("use statement [...] has no effect" depends on leading backslash). (Nikita)
  • Fixed bug #67314 (Segmentation fault in gc_remove_zval_from_buffer). (Dmitry)
  • Fixed bug #68652 (segmentation fault in destructor). (Dmitry)
  • Fixed bug #69419 (Returning compatible sub generator produces a warning). (Nikita)
  • Fixed bug #69472 (php_sys_readlink ignores misc errors from GetFinalPathNameByHandleA). (Jan Starke)
  • ODBC:
  • Fixed bug #69354 (Incorrect use of SQLColAttributes with ODBC 3.0). (Anatol)
  • Fixed bug #69474 (ODBC: Query with same field name from two tables returns incorrect result). (Anatol)
  • Fixed bug #69381 (out of memory with sage odbc driver). (Frederic Marchall, Anatol Belski)
  • OpenSSL:
  • Fixed bug #69402 (Reading empty SSL stream hangs until timeout). (Daniel Lowrey)

New in PHP 5.6.8 (April 17th, 2015)

  • Core:
  • Fixed bug #66609 (php crashes with __get() and ++ operator in some cases).
  • Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8 characters).
  • Fixed bug #68917 (parse_url fails on some partial urls).
  • Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options).
  • Additional fix for bug #69152 (Type confusion vulnerability in exception::getTraceAsString).
  • Fixed bug #69210 (serialize function return corrupted data when sleep has non-string values).
  • Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in __call/... arg passing).
  • Fixed bug #69221 (Segmentation fault when using a generator in combination with an Iterator).
  • Fixed bug #69337 (php_stream_url_wrap_http_ex() type-confusion vulnerability).
  • Fixed bug #69353 (Missing null byte checks for paths in various PHP extensions).
  • Apache2handler:
  • Fixed bug #69218 (potential remote code execution with apache 2.4 apache2handler).
  • cURL:
  • Implemented FR #69278 (HTTP2 support).
  • Fixed bug #68739 (Missing break / control flow).
  • Fixed bug #69316 (Use-after-free in php_curl related to CURLOPT_FILE/_INFILE/_WRITEHEADER).
  • Date:
  • Fixed bug #69336 (Issues with "last day of ").
  • Enchant:
  • Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows builds).
  • Ereg:
  • Fixed bug #68740 (NULL Pointer Dereference).
  • Fileinfo:
  • Fixed bug #68819 (Fileinfo on specific file causes spurious OOM and/or segfault).
  • Filter:
  • Fixed bug #69202: (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used).
  • Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127).
  • OPCache:
  • Fixed bug #69297 (function_exists strange behavior with OPCache on disabled function).
  • Fixed bug #69281 (opcache_is_script_cached no longer works).
  • Fixed bug #68677 (Use After Free). (CVE-2015-1351)
  • OpenSSL:
  • Fixed bugs #68853, #65137 (Buffered crypto stream data breaks IO polling in stream_select() contexts) (Chris Wright)
  • Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly) (Daniel Lowrey)
  • Fixed bug #69215 (Crypto servers should send client CA list) (Daniel Lowrey)
  • Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)
  • Phar:
  • Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar).
  • Fixed bug #64931 (phar_add_file is too restrictive on filename).
  • Fixed bug #65467 (Call to undefined method cli_arg_typ_string).
  • Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing ".tar").
  • Fixed bug #69324 (Buffer Over-read in unserialize when parsing Phar). (CVE-2015-2783)
  • Fixed bug #69441 (Buffer Overflow when parsing tar/zip/phar in phar_set_inode).
  • Postgres:
  • Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352)
  • SPL:
  • Fixed bug #69227 (Use after free in zval_scan caused by spl_object_storage_get_gc).
  • SOAP:
  • Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)).
  • Sqlite3:
  • Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception).
  • Fixed bug #69287 (Upgrade bundled libsqlite to 3.8.8.3).
  • Fixed bug #66550 (SQLite prepared statement use-after-free).

New in PHP 5.6.8 RC 1 (April 1st, 2015)

  • Core:
  • Fixed bug #66609 (php crashes with __get() and ++ operator in some cases). (Dmitry, Laruence)
  • Fixed bug #68021 (get_browser() browser_name_regex returns non-utf-8 characters). (Tjerk)
  • Fixed bug #68917 (parse_url fails on some partial urls). (Wei Dai)
  • Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). (Anatol Belski)
  • Fixed bug #69210 (serialize function return corrupted data when sleep has non-string values). (Juan Basso)
  • Fixed bug #69212 (Leaking VIA_HANDLER func when exception thrown in __call/... arg passing). (Nikita)
  • Fixed bug #69221 (Segmentation fault when using a generator in combination with an Iterator). (Nikita)
  • cURL:
  • Implemented FR#69278 (HTTP2 support). (Masaki Kagaya)
  • Fixed bug #68739 (Missing break / control flow). (Laruence)
  • Date:
  • Added DateTime::createFromImmutable(). (Trevor Suarez)
  • Enchant:
  • Fixed bug #65406 (Enchant broker plugins are in the wrong place in windows builds). (Anatol)
  • Ereg:
  • Fixed bug #68740 (NULL Pointer Dereference). (Laruence)
  • Filter:
  • Fixed bug #69202: (FILTER_FLAG_STRIP_BACKTICK ignored unless other flags are used). (Jeff Welch)
  • Fixed bug #69203 (FILTER_FLAG_STRIP_HIGH doesn't strip ASCII 127). (Jeff Welch)
  • OPCache:
  • Fixed bug #69297 (function_exists strange behavior with OPCache on disabled function). (Laruence)
  • Fixed bug #68677 (Use After Free). (CVE-2015-1351) (Laruence)
  • OpenSSL:
  • Fixed bugs #68853, #65137 (Buffered crypto stream data breaks IO polling in stream_select() contexts) (Chris Wright)
  • Fixed bug #69197 (openssl_pkcs7_sign handles default value incorrectly) (Daniel Lowrey)
  • Fixed bug #69215 (Crypto servers should send client CA list) (Daniel Lowrey)
  • Add a check for RAND_egd to allow compiling against LibreSSL (Leigh)
  • Phar:
  • Fixed bug #64343 (PharData::extractTo fails for tarball created by BSD tar). (Mike)
  • Fixed bug #64931 (phar_add_file is too restrictive on filename). (Mike)
  • Fixed bug #65467 (Call to undefined method cli_arg_typ_string). (Mike)
  • Fixed bug #67761 (Phar::mapPhar fails for Phars inside a path containing ".tar"). (Mike)
  • Postgres:
  • Fixed bug #68741 (Null pointer dereference). (CVE-2015-1352) (Laruence)
  • SPL:
  • Fixed bug #69227 (Use after free in zval_scan caused by spl_object_storage_get_gc). (adam dot scarr at 99designs dot com)
  • SOAP:
  • Fixed bug #69293 (NEW segfault when using SoapClient::__setSoapHeader (bisected, regression)). (Laruence)
  • SQLITE:
  • Fixed bug #68760 (SQLITE segfaults if custom collator throws an exception). (Dan Ackroyd)
  • Fixed bug #69287 (Upgrade bundled libsqlite to 3.8.8.3). (Anatol)

New in PHP 5.6.7 (March 19th, 2015)

  • Core:
  • Fixed bug #69174 (leaks when unused inner class use traits precedence). (Laruence)
  • Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). (Laruence)
  • Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build). (dan at syneto dot net)
  • Fixed bug #65593 (Segfault when calling ob_start from output buffering callback). (Mike)
  • Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c). (nayana at ddproperty dot com)
  • Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
  • Fixed bug #69141 (Missing arguments in reflection info for some builtin functions). (kostyantyn dot lysyy at oracle dot com)
  • Fixed bug #68976 (Use After Free Vulnerability in unserialize()). (Stas)
  • Fixed bug #69134 (Per Directory Values overrides PHP_INI_SYSTEM configuration options). (Anatol Belski)
  • Fixed bug #69207 (move_uploaded_file allows nulls in path). (Stas)
  • CGI:
  • Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)
  • CLI:
  • Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)
  • cURL:
  • Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32). (Grant Pannell)
  • Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl. (Linus Unneback)
  • Ereg:
  • Fixed bug #69248 (heap overflow vulnerability in regcomp.c) (CVE-2015-2305). (Stas)
  • FPM:
  • Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)
  • ODBC:
  • Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)
  • Opcache:
  • Fixed bug #69159 (Opcache causes problem when passing a variable variable to a function). (Dmitry, Laruence)
  • Fixed bug #69125 (Array numeric string as key). (Laruence)
  • Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)
  • OpenSSL:
  • Fixed bug #68912 (Segmentation fault at openssl_spki_new). (Laruence)
  • Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts). (Brad Broerman)
  • Fixed bug #68920 (use strict peer_fingerprint input checks) (Daniel Lowrey)
  • Fixed bug #68879 (IP Address fields in subjectAltNames not used) (Daniel Lowrey)
  • Fixed bug #68265 (SAN match fails with trailing DNS dot) (Daniel Lowrey)
  • Fixed bug #67403 (Add signatureType to openssl_x509_parse) (Daniel Lowrey)
  • Fixed bug (#69195 Inconsistent stream crypto values across versions) (Daniel Lowrey)
  • pgsql:
  • Fixed bug #68638 (pg_update() fails to store infinite values). (william dot welter at 4linux dot com dot br, Laruence)
  • Readline:
  • Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters). (Laruence)
  • SOAP:
  • Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()). (andrea dot palazzo at truel dot it, Laruence)
  • SPL:
  • Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage). (Laruence)
  • Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()). (Julien)
  • ZIP:
  • Fixed bug #69253 (ZIP Integer Overflow leads to writing past heap boundary) (CVE-2015-2331). (Stas)

New in PHP 5.6.7 RC 1 (March 6th, 2015)

  • Core:
  • Fixed bug #69174 (leaks when unused inner class use traits precedence). (Laruence)
  • Fixed bug #69139 (Crash in gc_zval_possible_root on unserialize). (Laruence)
  • Fixed bug #69121 (Segfault in get_current_user when script owner is not in passwd with ZTS build). (dan at syneto dot net)
  • Fixed bug #65593 (Segfault when calling ob_start from output buffering callback). (Mike)
  • Fixed bug #68986 (pointer returned by php_stream_fopen_temporary_file not validated in memory.c). (nayana at ddproperty dot com)
  • Fixed bug #68166 (Exception with invalid character causes segv). (Rasmus)
  • Fixed bug #69141 (Missing arguments in reflection info for some builtin functions). (kostyantyn dot lysyy at oracle dot com)
  • CGI:
  • Fixed bug #69015 (php-cgi's getopt does not see $argv). (Laruence)
  • CLI:
  • Fixed bug #67741 (auto_prepend_file messes up __LINE__). (Reeze Xia)
  • cURL:
  • Fixed bug #69088 (PHP_MINIT_FUNCTION does not fully initialize cURL on Win32). (Grant Pannell)
  • Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl. (Linus Unneback)
  • FPM:
  • Fixed bug #68822 (request time is reset too early). (honghu069 at 163 dot com)
  • ODBC:
  • Fixed bug #68964 (Allowed memory size exhausted with odbc_exec). (Anatol)
  • Opcache:
  • Fixed bug #69159 (Opcache causes problem when passing a variable variable to a function). (Dmitry, Laruence)
  • Fixed bug #69125 (Array numeric string as key). (Laruence)
  • Fixed bug #69038 (switch(SOMECONSTANT) misbehaves). (Laruence)
  • OpenSSL:
  • Fixed bug #68912 (Segmentation fault at openssl_spki_new). (Laruence)
  • Fixed bug #61285, #68329, #68046, #41631 (encrypted streams don't observe socket timeouts). (Brad Broerman)
  • Fixed bug #68920 (use strict peer_fingerprint input checks) (Daniel Lowrey)
  • Fixed bug #68879 (IP Address fields in subjectAltNames not used) (Daniel Lowrey)
  • Fixed bug #68265 (SAN match fails with trailing DNS dot) (Daniel Lowrey)
  • Fixed bug #67403 (Add signatureType to openssl_x509_parse) (Daniel Lowrey)
  • pgsql:
  • Fixed bug #68638 (pg_update() fails to store infinite values). (william dot welter at 4linux dot com dot br, Laruence)
  • Readline:
  • Fixed bug #69054 (Null dereference in readline_(read|write)_history() without parameters). (Laruence)
  • SOAP:
  • Fixed bug #69085 (SoapClient's __call() type confusion through unserialize()). (andrea dot palazzo at truel dot it, Laruence)
  • SPL:
  • Fixed bug #69108 ("Segmentation fault" when (de)serializing SplObjectStorage). (Laruence)
  • Fixed bug #68557 (RecursiveDirectoryIterator::seek(0) broken after calling getChildren()). (Julien)

New in PHP 5.6.6 (February 20th, 2015)

  • Core:
  • Removed support for multi-line headers, as the are deprecated by RFC 7230.
  • Fixed bug #67068 (getClosure returns somethings that's not a closure).
  • Fixed bug #68942 (Use after free vulnerability in unserialize() with DateTimeZone). (CVE-2015-0273)
  • Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow).
  • Fixed bug #67988 (htmlspecialchars() does not respect default_charset specified by ini_set) (Yasuo)
  • Added NULL byte protection to exec, system and passthru.
  • Dba:
  • Fixed bug #68711 (useless comparisons).
  • Enchant:
  • Fixed bug #68552 (heap buffer overflow in enchant_broker_request_dict()).
  • Fileinfo:
  • Fixed bug #68827 (Double free with disabled ZMM).
  • Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files correctly).
  • Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some gifs).
  • FPM:
  • Fixed bug #66479 (Wrong response to FCGI_GET_VALUES).
  • Fixed bug #68571 (core dump when webserver close the socket).
  • JSON:
  • Fixed bug #50224 (json_encode() does not always encode a float as a float) by adding JSON_PRESERVE_ZERO_FRACTION.
  • LIBXML:
  • Fixed bug #64938 (libxml_disable_entity_loader setting is shared between threads).
  • Mysqli:
  • Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande)
  • Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient has rounding errors) (Keyur Govande)
  • Opcache:
  • Fixed bug with try blocks being removed when extended_info opcode generation is turned on.
  • PDO_mysql:
  • Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of named pipes).
  • Phar:
  • Fixed bug #68901 (use after free).
  • Pgsql:
  • Fixed bug #65199 (pg_copy_from() modifies input array variable) (Yasuo)
  • Session:
  • Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
  • Fixed bug #66623 (no EINTR check on flock) (Yasuo)
  • Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
  • Sqlite3:
  • Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args).
  • Standard:
  • Fixed bug #65272 (flock() out parameter not set correctly in windows).
  • Fixed bug #69033 (Request may get env. variables from previous requests if PHP works as FastCGI).
  • Streams:
  • Fixed bug which caused call after final close on streams filter.

New in PHP 5.6.6 RC1 (February 5th, 2015)

  • Core:
  • Fixed bug #67068 (getClosure returns somethings that's not a closure). (Danack at basereality dot com)
  • Fixed bug #68925 (Mitigation for CVE-2015-0235 – GHOST: glibc gethostbyname buffer overflow). (Stas)
  • Fixed Bug #67988 (htmlspecialchars() does not respect default_charset specified by ini_set) (Yasuo)
  • Dba:
  • Fixed bug #68711 (useless comparisons). (bugreports at internot dot info)
  • JSON:
  • Fixed bug #50224 (json_encode() does not always encode a float as a float) by adding JSON_PRESERVE_ZERO_FRACTION. (Juan Basso)
  • Fileinfo:
  • Fixed bug #68827 (Double free with disabled ZMM). (Joshua Rogers)
  • Fixed bug #67647 (Bundled libmagic 5.17 does not detect quicktime files correctly). (Anatol)
  • Fixed bug #68731 (finfo_buffer doesn't extract the correct mime with some gifs). (Anatol)
  • FPM:
  • Fixed bug #66479 (Wrong response to FCGI_GET_VALUES). (Frank Stolle)
  • Fixed bug #68571 (core dump when webserver close the socket). (redfoxli069 at gmail dot com, Laruence)
  • JSON:
  • Fixed bug #68938 (json_decode() decodes empty string without error). (jeremy at bat-country dot us)
  • LIBXML:
  • Fixed bug #64938 (libxml_disable_entity_loader setting is shared between threads). (Martin Jansen)
  • Opcache:
  • Fixed bug with try blocks being removed when extended_info opcode generation is turned on. (Laruence)
  • PDO_mysql:
  • Fixed bug #68750 (PDOMysql with mysqlnd does not allow the usage of named pipes). ([email protected])
  • Phar:
  • Fixed bug #68901 (use after free). (bugreports at internot dot info)
  • Pgsql:
  • Fixed Bug #65199 (pg_copy_from() modifies input array variable) (Yasuo)
  • Session:
  • Fixed bug #68941 (mod_files.sh is a bash-script) (bugzilla at ii.nl, Yasuo)
  • Fixed Bug #66623 (no EINTR check on flock) (Yasuo)
  • Fixed bug #68063 (Empty session IDs do still start sessions) (Yasuo)
  • Sqlite3:
  • Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args). (Julien)
  • Standard:
  • Fixed bug #65272 (flock() out parameter not set correctly in windows). (Daniel Lowrey)
  • Mysqli:
  • Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande)
  • Fixed bug #68657 (Reading 4 byte floats with Mysqli and libmysqlclient has rounding errors) (Keyur Govande)
  • Streams:
  • Fixed bug which caused call after final close on streams filter. (Bob)

New in PHP 5.6.5 (January 21st, 2015)

  • Core:
  • Upgraded crypt_blowfish to version 1.3. (Leigh)
  • Fixed bug #60704 (unlink() bug with some files path).
  • Fixed bug #65419 (Inside trait, self::class != __CLASS__). (Julien)
  • Fixed bug #68536 (pack for 64bits integer is broken on bigendian). (Remi)
  • Fixed bug #55541 (errors spawn MessageBox, which blocks test automation).(Anatol)
  • Fixed bug #68297 (Application Popup provides too few information). (Anatol)
  • Fixed bug #65769 (localeconv() broken in TS builds). (Anatol)
  • Fixed bug #65230 (setting locale randomly broken). (Anatol)
  • Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_DATADIRcorrectly). (Ferenc)
  • Fixed bug #68583 (Crash in timeout thread). (Anatol)
  • Fixed bug #65576 (Constructor from trait conflicts with inheritedconstructor). (dunglas at gmail dot com)
  • Fixed bug #68676 (Explicit Double Free). (Kalle)
  • Fixed bug #68710 (Use After Free Vulnerability in PHP's unserialize()).(CVE-2015-0231) (Stefan Esser)
  • CGI:
  • Fixed bug #68618 (out of bounds read crashes php-cgi). (CVE-2014-9427)(Stas)
  • CLI server:
  • Fixed bug #68745 (Invalid HTTP requests make web server segfault). (Adam)
  • cURL:
  • Fixed bug #67643 (curl_multi_getcontent returns '' whenCURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)
  • Date:
  • Implemented FR #68268 (DatePeriod: Getter for start date, end date and interval). (Marc Bennewitz)
  • EXIF:
  • Fixed bug #68799: Free called on unitialized pointer. (CVE-2015-0232)(Stas)
  • Fileinfo:
  • Fixed bug #68398 (msooxml matches too many archives). (Anatol)
  • Fixed bug #68665 (invalid free in libmagic). (Joshua Rogers, Anatol Belski)
  • Fixed bug #68671 (incorrect expression in libmagic).(Joshua Rogers, Anatol Belski)
  • Removed readelf.c and related code from libmagic sources(Remi, Anatol)
  • Fixed bug #68735 (fileinfo out-of-bounds memory access).(Anatol)
  • FPM:
  • Fixed request #68526 (Implement POSIX Access Control List for UDS). (Remi)
  • Fixed bug #68751 (listen.allowed_clients is broken). (Remi)
  • GD:
  • Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Jan Bee, Remi)
  • Fixed request #68656 (Report gd library version). (Remi)
  • mbstring:
  • Fixed bug #68504 (--with-libmbfl configure option not present on Windows).(Ashesh Vashi)
  • Opcache:
  • Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8+ Opcache). (Laruence)
  • Fixed bug #67111 (Memory leak when using "continue 2" inside two foreachloops). (Nikita)
  • OpenSSL:
  • Improved handling of OPENSSL_KEYTYPE_EC keys. (Dominic Luechinger)
  • pcntl:
  • Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handlerwhen setting SIG_DFL). (Julien)
  • PCRE:
  • Fixed bug #66679 (Alignment Bug in PCRE 8.34 upstream).(Rainer Jung, Anatol Belski)
  • pgsql:
  • Fixed bug #68697 (lo_export return -1 on failure). (Ondřej Surý)
  • PDO:
  • Fixed bug #68371 (PDO#getAttribute() cannot be called with platform-specifiattribute names). (Matteo)
  • PDO_mysql:
  • Fixed bug #68424 (Add new PDO mysql connection attr to control multistatements option). (peter dot wolanin at acquia dot com)
  • SPL:
  • Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAMEbreaks the RecursiveIterator). (Paul Garvin)
  • Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv). (Salathe)
  • SQLite:
  • Fixed bug #68120 (Update bundled libsqlite to 3.8.7.2). (Anatol)
  • Streams:
  • Fixed bug #68532 (convert.base64-encode omits padding bytes).(blaesius at krumedia dot de)

New in PHP 5.6.5 RC 1 (January 7th, 2015)

  • Core:
  • Upgraded crypt_blowfish to version 1.3. (Leigh)
  • Fixed bug #60704 (unlink() bug with some files path).
  • Fixed bug #65419 (Inside trait, self::class != __CLASS__). (Julien)
  • Fixed bug #68536 (pack for 64bits integer is broken on bigendian). (Remi)
  • Fixed bug #55541 (errors spawn MessageBox, which blocks test automation). (Anatol)
  • Fixed bug #68297 (Application Popup provides too few information). (Anatol)
  • Fixed bug #65769 (localeconv() broken in TS builds). (Anatol)
  • Fixed bug #65230 (setting locale randomly broken). (Anatol)
  • Fixed bug #66764 (configure doesn't define EXPANDED_DATADIR / PHP_DATADIR correctly). (Ferenc)
  • Fixed bug #68583 (Crash in timeout thread). (Anatol)
  • Fixed bug #65576 (Constructor from trait conflicts with inherited constructor). (dunglas at gmail dot com)
  • Fixed bug #68676 (Explicit Double Free). (Kalle)
  • CGI:
  • Fix bug #68618 (out of bounds read crashes php-cgi). (Stas)
  • CLI server:
  • Fix bug #68745 (Invalid HTTP requests make web server segfault). (Adam)
  • cURL:
  • Fixed bug #67643 (curl_multi_getcontent returns '' when CURLOPT_RETURNTRANSFER isn't set). (Jille Timmermans)
  • Date:
  • Implemented FR #68268 (DatePeriod: Getter for start date, end date and interval). (Marc Bennewitz)
  • Fileinfo:
  • Fixed bug #68398 (msooxml matches too many archives). (Anatol)
  • Fixed bug #68665 (invalid free in libmagic). (Joshua Rogers, Anatol Belski)
  • Fixed bug #68671 (incorrect expression in libmagic). (Joshua Rogers, Anatol Belski)
  • Removed readelf.c and related code from libmagic sources (Remi, Anatol)
  • Fixed bug #68735 (fileinfo out-of-bounds memory access). (Anatol)
  • FPM:
  • Fixed request #68526 (Implement POSIX Access Control List for UDS). (Remi)
  • Fixed bug #68751 (listen.allowed_clients is broken). (Remi)
  • GD:
  • Fixed bug #68601 (buffer read overflow in gd_gif_in.c). (Jan Bee, Remi)
  • Fixed request #68656 (Report gd library version). (Remi)
  • mbstring:
  • Fixed bug #68504 (--with-libmbfl configure option not present on Windows). (Ashesh Vashi)
  • Opcache:
  • Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8 + Opcache). (Laruence)
  • Fixed bug #67111 (Memory leak when using "continue 2" inside two foreach loops). (Nikita)
  • OpenSSL:
  • Improved handling of OPENSSL_KEYTYPE_EC keys. (Dominic Luechinger)
  • pcntl:
  • Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler when setting SIG_DFL). (Julien)
  • PCRE:
  • Fixed bug #66679 (Alignment Bug in PCRE 8.34 upstream). (Rainer Jung, Anatol Belski)
  • pgsql:
  • Fixed bug #68697 (lo_export return -1 on failure). (Ondřej Surý)
  • PDO_mysql:
  • Fixed bug #68424 (Add new PDO mysql connection attr to control multi statements option). (peter dot wolanin at acquia dot com)
  • SPL:
  • Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME breaks the RecursiveIterator). (Paul Garvin)
  • Fixed bug #68479 (Added escape parameter to SplFileObject::fputcsv). (Salathe)
  • SQLite:
  • Fixed bug #68120 (Update bundled libsqlite to 3.8.7.2). (Anatol)
  • Streams:
  • Fixed bug #68532 (convert.base64-encode omits padding bytes). (blaesius at krumedia dot de)

New in PHP 5.6.4 (December 19th, 2014)

  • Core:
  • Fixed bug #68091 (Some Zend headers lack appropriate extern "C" blocks). (Adam)
  • Fixed bug #68104 (Segfault while pre-evaluating a disabled function). (Laruence)
  • Fixed bug #68185 ("Inconsistent insteadof definition."incorrectly triggered). (Julien)
  • Fixed bug #68355 (Inconsistency in example php.ini comments). (Chris McCafferty)
  • Fixed bug #68370 ("unset($this)" can make the program crash). (Laruence)
  • Fixed bug #68422 (Incorrect argument reflection info for array_multisort()). (Alexander Lisachenko)
  • Fixed bug #68545 (NULL pointer dereference in unserialize.c). (Anatol)
  • Fixed bug #68446 (Array constant not accepted for array parameter default). (Bob, Dmitry)
  • Fixed bug #68594 (Use after free vulnerability in unserialize()). (CVE-2014-8142) (Stefan Esser)
  • Date:
  • Fixed day_of_week function as it could sometimes return negative values internally. (Derick)
  • FPM:
  • Fixed bug #68381 (fpm_unix_init_main ignores log_level). (David Zuelke, Remi)
  • Fixed bug #68420 (listen=9000 listens to ipv6 localhost instead of all addresses). (Remi)
  • Fixed bug #68421 (access.format='%R' doesn't log ipv6 address). (Remi)
  • Fixed bug #68423 (PHP-FPM will no longer load all pools). (Remi)
  • Fixed bug #68428 (listen.allowed_clients is IPv4 only). (Remi)
  • Fixed bug #68452 (php-fpm man page is oudated). (Remi)
  • Fixed request #68458 (Change pm.start_servers default warning to notice). (David Zuelke, Remi)
  • Fixed bug #68463 (listen.allowed_clients can silently result in no allowed access). (Remi)
  • Fixed request #68391 (php-fpm conf files loading order). (Florian Margaine, Remi)
  • Fixed bug #68478 (access.log don't use prefix). (Remi)
  • Mcrypt:
  • Fixed possible read after end of buffer and use after free. (Dmitry)
  • GMP:
  • Fixed bug #68419 (build error with gmp 4.1). (Remi)
  • PDO_pgsql:
  • Fixed bug #67462 (PDO_PGSQL::beginTransaction() wrongly throws exception when not in transaction) (Matteo)
  • Fixed bug #68351 (PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving) (Matteo)
  • Session:
  • Fixed bug #68331 (Session custom storage callable functions not being called) (Yasuo Ohgaki)
  • SOAP:
  • Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes). (Laruence)
  • zlib:
  • Fixed bug #53829 (Compiling PHP with large file support will replace function gzopen by gzopen64) (Sascha Kettler, Matteo)

New in PHP 5.6.3 (November 15th, 2014)

  • Core:
  • Implemented 64-bit format codes for pack() and unpack().
  • Fixed bug #51800 (proc_open on Windows hangs forever).
  • Fixed bug #67633 (A foreach on an array returned from a function not doing copy-on-write).
  • Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3)).
  • Fixed bug #67949 (DOMNodeList elements should be accessible through array notation) (Florian)
  • Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in php_getopt()).
  • Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined).
  • Fixed bug #68129 (parse_url() - incomplete support for empty usernames and passwords) (Tjerk)
  • Fixed bug #68365 (zend_mm_heap corrupted after memory overflow in zend_hash_copy).
  • CURL:
  • Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus)
  • Fileinfo:
  • Fixed bug #66242 (libmagic: don't assume char is signed).
  • Fixed bug #68224 (buffer-overflow in libmagic/readcdf.c caught by AddressSanitizer).
  • Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).
  • FPM:
  • Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass).
  • Implemented FR #55508 (listen and listen.allowed_clients should take IPv6 addresses).
  • GD:
  • Fixed bug #65171 (imagescale() fails without height param).
  • GMP:
  • Implemented gmp_random_range() and gmp_random_bits().
  • Fixed bug #63595 (GMP memory management conflicts with other libraries using GMP).
  • Mysqli:
  • Fixed bug #68114 (linker error on some OS X machines with fixed width decimal support) (Keyur Govande)
  • ODBC:
  • Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by a VARCHAR column) (Keyur Govande)
  • OpenSSL:
  • Fixed bug #68074 (Allow to use system cipher list instead of hardcoded value).
  • PDO_pgsql:
  • Fixed bug #68199 (PDO::pgsqlGetNotify doesn't support NOTIFY payloads) (Matteo, Alain Laporte)
  • Fixed bug #66584 (Segmentation fault on statement deallocation) (Matteo)
  • Reflection:
  • Fixed bug #68103 (Duplicate entry in Reflection for class alias).
  • SPL:
  • Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk)

New in PHP 5.6.3 RC 1 (October 29th, 2014)

  • Core:
  • Implemented 64-bit format codes for pack() and unpack()(Leigh)
  • Fixed bug #51800 (proc_open on Windows hangs forever)(Anatol)
  • Fixed bug #67633 (A foreach on an array returned from a function not doing
  • copy-on-write)(Nikita)
  • Fixed bug #67739 (Windows 8.1/Server 2012 R2 OS build number reported
  • as 6.2 (instead of 6.3))(Christian Wenz)
  • Fixed bug #67949 (DOMNodeList elements should be accessible through
  • array notation) (Florian)
  • Fixed bug #68095 (AddressSanitizer reports a heap buffer overflow in
  • php_getopt())(Stas)
  • Fixed bug #68118 ($a->foo .= 'test'; can leave $a->foo undefined)(Nikita)
  • Fixed bug #68129 (parse_url() incomplete support for empty usernames
  • and passwords) (Tjerk)
  • phpdbg:
  • Added XML protocol (-x command line flag)(Bob)
  • Added hard interruptions (twice SIGINT)(Bob)
  • Fileinfo:
  • Fixed bug #66242 (libmagic: don't assume char is signed)(ArdB)
  • Fixed bug #68224 (buffer-overflow in libmagic/readcdf.c caught by
  • AddressSanitizer)(Remi)
  • Fixed bug #68283 (fileinfo: out-of-bounds read in elf note headers).
  • (CVE-2014-3710) (Remi)
  • FPM:
  • Fixed bug #65641 (PHP-FPM incorrectly defines the SCRIPT_NAME variable
  • when using Apache, mod_proxy-fcgi and ProxyPass)(Remi)
  • Implemented FR #55508 (listen and listen.allowed_clients should take IPv6
  • addresses)(Robin Gloster)
  • GD:
  • Fixed bug #65171 (imagescale() fails without height param)(Remi)
  • GMP:
  • Implemented gmp_random_range() and gmp_random_bits()(Leigh)
  • Fixed bug #63595 (GMP memory management conflicts with other libraries
  • using GMP)(Remi)
  • Reflection:
  • Fixed bug #68103 (Duplicate entry in Reflection for class alias)(Remi)
  • OpenSSL:
  • Fixed bug #68074 (Allow to use system cipher list instead of hardcoded
  • value)(Remi)
  • Mysqli:
  • Fixed bug #68114 (linker error on some OS X machines with fixed width
  • decimal support) (Keyur Govande)
  • ODBC:
  • Fixed bug #68087 (ODBC not correctly reading DATE column when preceded by
  • a VARCHAR column) (Keyur Govande)
  • SPL:
  • Fixed bug #68128 (Regression in RecursiveRegexIterator) (Tjerk)
  • CURL:
  • Add CURL_SSLVERSION_TLSv1_0, CURL_SSLVERSION_TLSv1_1, and
  • CURL_SSLVERSION_TLSv1_2 constants if supported by libcurl (Rasmus)
  • PDO_pgsql:
  • Fixed bug #68199 (PDO::pgsqlGetNotify doesn't support NOTIFY payloads)
  • (Matteo, Alain Laporte)

New in PHP 5.6.2 (October 16th, 2014)

  • Core:
  • Fixed bug #68044 (Integer overflow in unserialize() (32-bits only)).
  • (CVE-2014-3669) (Stas)
  • cURL:
  • Fixed bug #68089 (NULL byte injection - cURL lib). (Stas)
  • EXIF:
  • Fixed bug #68113 (Heap corruption in exif_thumbnail()). (CVE-2014-3670)
  • (Stas)
  • XMLRPC:
  • Fixed bug #68027 (Global buffer overflow in mkgmtime() function).
  • (CVE-2014-3668) (Stas)

New in PHP 5.6.1 (October 3rd, 2014)

  • Core:
  • Implemented FR #38409 (parse_ini_file() loses the type of booleans).
  • Fixed bug #65463 (SIGSEGV during zend_shutdown()).
  • Fixed bug #66036 (Crash on SIGTERM in apache process).
  • Fixed bug #67878 (program_prefix not honoured in man pages).
  • Fixed bug #67938 (Segfault when extending interface method with variadic).
  • Fixed bug #67985 (Incorrect last used array index copied to new array after unset).
  • Fixed bug #68088 (New Posthandler Potential Illegal efree() vulnerability).
  • DOM:
  • Made DOMNode::textContent writeable.
  • Fileinfo:
  • Fixed bug #67731 (finfo::file() returns invalid mime type for binary files).
  • GD:
  • Made fontFetch's path parser thread-safe.
  • GMP:
  • Fixed bug #67917 (Using GMP objects with overloaded operators can cause memory exhaustion).
  • Fixed bug #50175 (gmp_init() results 0 on given base and number starting with 0x or 0b).
  • Implemented gmp_import() and gmp_export().
  • MySQLi:
  • Fixed bug #67839 (mysqli does not handle 4-byte floats correctly).
  • OpenSSL:
  • Fixed bug #67850 (extension won't build if openssl compiled without SSLv3).
  • phpdbg:
  • Fixed issue krakjoe/phpdbg#111 (compile error without ZEND_SIGNALS).
  • SOAP:
  • Fixed bug #67955 (SoapClient prepends 0-byte to cookie names).
  • Session:
  • Fixed bug #67972 (SessionHandler Invalid memory read create_sid()).
  • Sysvsem:
  • Implemented FR #67990 (Add optional nowait argument to sem_acquire).

New in PHP 5.6.1 RC 1 (September 12th, 2014)

  • Core:
  • Implemented FR #38409 (parse_ini_file() looses the type of booleans). (Tjerk)
  • Fixed bug #65463 (SIGSEGV during zend_shutdown()). (Keyur Govande)
  • Fixed bug #66036 (Crash on SIGTERM in apache process). (Keyur Govande)
  • Fixed bug #67878 (program_prefix not honoured in man pages). (Remi)
  • Fixed bug #67938 (Segfault when extending interface method with variadic). (Nikita)
  • Fixed bug #67985 (Incorrect last used array index copied to new array after unset). (Tjerk)
  • Fileinfo:
  • Fixed bug #67731 (finfo::file() returns invalid mime type for binary files). (Anatol)
  • GD:
  • Made fontFetch's path parser thread-safe. (Sara)
  • GMP:
  • Fixed bug #67917 (Using GMP objects with overloaded operators can cause memory exhaustion). (Nikita)
  • Fixed bug #50175 (gmp_init() results 0 on given base and number starting with 0x or 0b). (Nikita)
  • Implemented gmp_import() and gmp_export(). (Leigh, Nikita)
  • MySQLi:
  • Fixed bug #67839 (mysqli does not handle 4-byte floats correctly). (Keyur)
  • OpenSSL:
  • Fixed bug #41631 (socket timeouts not honored in blocking SSL reads). (Daniel Lowrey)
  • Fixed bug #67850 (extension won't build if openssl compiled without SSLv3). (Daniel Lowrey)
  • DOM:
  • Made DOMNode::textContent writeable. (Tjerk)
  • SOAP:
  • Fixed bug #67955 (SoapClient prepends 0-byte to cookie names). (Philip Hofstetter)
  • Session:
  • Fixed bug #67972 (SessionHandler Invalid memory read create_sid()). (Adam)
  • Sysvsem:
  • Implemented FR #67990 (Add optional nowait argument to sem_acquire). (Matteo)

New in PHP 5.6.0 (August 28th, 2014)

  • General improvement:
  • Added constant scalar expressions syntax.
  • Added dedicated syntax for variadic functions.
  • Added support for argument unpacking to complement the variadic syntax.
  • Added an exponentiation operator (**).
  • Added phpdbg SAPI.
  • Added unified default encoding.
  • The php://input stream is now re-usable and can be used concurrently with enable_post_data_reading=0.
  • Added use function and use const..
  • Added a function for timing attack safe string comparison.
  • Added the __debugInfo() magic method to allow userland classes to implement the get_debug_info API previously available only to extensions.
  • Added gost-crypto (CryptoPro S-box) hash algorithm.
  • Stream wrappers verify peer certificates and host names by default in encrypted client streams.
  • Uploads equal or greater than 2GB in size are now accepted.
  • Core:
  • Fixed bug #67693 (incorrect push to the empty array).
  • Removed inconsistency regarding behaviour of array in constants at run-time.
  • Fixed bug #67497 (eval with parse error causes segmentation fault in generator).
  • Fixed bug #67151 (strtr with empty array crashes).
  • Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server 2012).
  • Fixed bug #66608 (Incorrect behavior with nested "finally" blocks).
  • Implemented FR #34407 (ucwords and Title Case).
  • Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0).
  • Fixed bug #67368 (Memory leak with immediately dereferenced array in class constant).
  • Fixed bug #67468 (Segfault in highlight_file()/highlight_string()).
  • Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
  • Fixed bug #67551 (php://input temp file will be located in sys_temp_dir instead of upload_tmp_dir).
  • Fixed bug #67169 (array_splice all elements, then []= gives wrong index).
  • Fixed bug #67198 (php://input regression).
  • Fixed bug #67247 (spl_fixedarray_resize integer overflow).
  • Fixed bug #67250 (iptcparse out-of-bounds read).
  • Fixed bug #67252 (convert_uudecode out-of-bounds read).
  • Fixed bug #67249 (printf out-of-bounds read).
  • Implemented FR #64744 (Differentiate between member function call on a null and non-null, non-objects).
  • Fixed bug #67436 (Autoloader isn't called if two method definitions don't match).
  • Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases).
  • Fixed bug #67390 (insecure temporary file use in the configure script).
  • Fixed bug #67392 (dtrace breaks argument unpack).
  • Fixed bug #67428 (header('Location: foo') will override a 308-399 response code).
  • Fixed bug #67433 (SIGSEGV when using count() on an object implementing Countable).
  • Fixed bug #67399 (putenv with empty variable may lead to crash).
  • Expose get_debug_info class hook as __debugInfo() magic method.
  • Implemented unified default encoding (RFC: http://wiki.php.net/rfc/default_encoding).
  • Added T_POW (**) operator (RFC: http://wiki.php.net/rfc/pow-operator).
  • Improved IS_VAR operands fetching.
  • Improved empty string handling. Now ZE uses an interned string instead of allocation new empty string each time.
  • Implemented internal operator overloading (RFC: http://wiki.php.net/rfc/operator_overloading_gmp).
  • Made calls from incompatible context issue an E_DEPRECATED warning instead of E_STRICT (phase 1 of RFC: http://wiki.php.net/rfc/incompat_ctx).
  • Uploads equal or greater than 2GB in size are now accepted.
  • Reduced POST data memory usage by 200-300%. Changed INI setting always_populate_raw_post_data to throw a deprecation warning when enabling and to accept -1 for never populating the $HTTP_RAW_POST_DATA global variable, which will be the default in future PHP versions.
  • Implemented dedicated syntax for variadic functions (RFC: http://wiki.php.net/rfc/variadics).
  • Fixed bug #50333 Improving multi-threaded scalability by using emalloc/efree/estrdup (Anatol, Dmitry)
  • Implemented constant scalar expressions (with support for constants) (RFC: http://wiki.php.net/rfc/const_scalar_exprs).
  • Fixed bug #65784 (Segfault with finally).
  • Fixed bug #66509 (copy() arginfo has changed starting from 5.4).
  • Allow zero length comparison in substr_compare() (Tjerk)
  • Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
  • Fixed bug #61019 (Out of memory on command stream_get_contents).
  • Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets).
  • Fixed bug #66182 (exit in stream filter produces segfault).
  • Fixed bug #66736 (fpassthru broken).
  • Fixed bug #66822 (Cannot use T_POW in const expression) (Tjerk)
  • Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)
  • Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()).
  • Fixed bug #66015 (Unexpected array indexing in class's static property).
  • Added (constant) string/array dereferencing to static scalar expressions to complete the set; now possible thanks to bug #66015 being fixed.
  • Fixed bug #66568 (Update reflection information for unserialize() function).
  • Fixed bug #66660 (Composer.phar install/update fails).
  • Fixed bug #67024 (getimagesize should recognize BMP files with negative height).
  • Fixed bug #67064 (Countable interface prevents using 2nd parameter ($mode) of count() function).
  • Fixed bug #67072 (Echoing unserialized "SplFileObject" crash).
  • Fixed bug #67033 (Remove reference to Windows 95).
  • Apache2 Handler SAPI:
  • Fixed Apache log issue caused by APR's lack of support for %zu (APR issue http://issues.apache.org/bugzilla/show_bug.cgi?id=56120).
  • CLI server:
  • Added some MIME types to the CLI web server.
  • Fixed bug #67079 (Missing MIME types for XML/XSL files).
  • Fixed bug #66830 (Empty header causes PHP built-in web server to hang).
  • Fixed bug #67594 (Unable to access to apache_request_headers() elements).
  • Implemented FR #67429 (CLI server is missing some new HTTP response codes).
  • Fixed Bug #67406 (built-in web-server segfaults on startup).
  • COM:
  • Fixed bug #41577 (DOTNET is successful once per server run) (Aidas Kasparas)
  • Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).
  • Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)).
  • Curl:
  • Implemented FR #65646 (re-enable CURLOPT_FOLLOWLOCATION with open_basedir or safe_mode).
  • Check for openssl.cafile ini directive when loading CA certs.
  • Remove cURL close policy related constants as these have no effect and are no longer used in libcurl.
  • Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour) (Tjerk)
  • Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.
  • Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset).
  • Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
  • Date:
  • Fixed bug #66091 (memory leaks in DateTime constructor) (Tjerk).
  • Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
  • Fixed regression in fix for bug #67118 (constructor can't be called twice).
  • Fixed bug #67251 (date_parse_from_format out-of-bounds read).
  • Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read).
  • Added DateTimeImmutable::createFromMutable to create a DateTimeImmutable object from an existing DateTime (mutable) object (Derick)
  • Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is supplied).
  • Fixed bug #67118 (DateTime constructor crash with invalid data).
  • DOM:
  • Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset).
  • Embed:
  • Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).
  • Fileinfo:
  • Fixed bug #67716 (Segfault in cdf.c).
  • Fixed bug #67705 (extensive backtracking in rule regular expression).
  • Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS).
  • Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation).
  • Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check).
  • Fixed bug #67329 (fileinfo: NULL pointer deference flaw by processing certain CDF files).
  • Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size).
  • Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check).
  • Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check).
  • Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check).
  • Upgraded to libmagic-5.17 (Anatol)
  • Fixed bug #66731 (file: infinite recursion).
  • Fixed bug #66820 (out-of-bounds memory access in fileinfo) (CVE-2014-2270).
  • Fixed bug #66946i (fileinfo: extensive backtracking in awk rule regular expression).
  • Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian).
  • Fixed bug #66907 (Solaris 10 is missing strcasestr and needs substitute).
  • Fixed bug #66307 (Fileinfo crashes with powerpoint files).
  • FPM:
  • Fix bug #67606 (revised fix 67541, broke mod_fastcgi BC).
  • Fixed bug #67530 (error_log=syslog ignored).
  • Fixed bug #67635 (php links to systemd libraries without using pkg-config).
  • Fix bug #67531 (syslog cannot be set in pool configuration).
  • Fix bug #67541 (Fix Apache 2.4.10+ SetHandler proxy:fcgi:// incompatibilities).
  • Included apparmor support in fpm (RFC: http://wiki.php.net/rfc/fpm_change_hat).
  • Added clear_env configuration directive to disable clearenv() call.
  • Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
  • Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
  • Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure default configuration) (CVE-2014-0185).
  • GD:
  • Fixed bug #67730 (Null byte injection possible with imagexxx functions).
  • Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference).
  • Fixed bug #67248 (imageaffinematrixget missing check of parameters).
  • Fixed imagettftext to load the correct character map rather than the last one.
  • Fixed bug #66714 ( imageconvolution breakage).
  • Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer CVE-2013-7327). (Tomas Hoger, Remi).
  • Fixed #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre)
  • Fixed bug #66887 (imagescale - poor quality of scaled image).
  • Fixed bug #66890 (imagescale segfault).
  • Fixed bug #66893 (imagescale ignore method argument).
  • GMP:
  • Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)
  • Fixed crashes in serialize/unserialize.
  • Moved GMP to use object as the underlying structure and implemented various improvements based on this.
  • Added gmp_root() and gmp_rootrem() functions for calculating nth roots.
  • Hash:
  • Added gost-crypto (CryptoPro S-box) GOST hash algo.
  • Fixed bug #66698 (Missing FNV1a32 and FNV1a64 hash functions). (Michael M Slusarz).
  • Implemented timing attack safe string comparison function (RFC: http://wiki.php.net/rfc/timing_attack).
  • hash_pbkdf2() now works correctly if the $length argument is not specified.
  • Intl:
  • Fixed bug #66873 (A reproductible crash in UConverter when given invalid encoding) (Stas)
  • Fixed bug #66921 (Wrong argument type hint for function intltz_from_date_time_zone).
  • Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting).
  • Fixed bug #67349 (Locale::parseLocale Double Free).
  • Fixed bug #67397 (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)).
  • JSON:
  • Fixed case part of bug #64874 ("json_decode handles whitespace and case-sensitivity incorrectly")
  • Fixed bug #65753 (JsonSerializeable couldn't implement on module extension) ([email protected])
  • Fixed bug #66021 (Blank line inside empty array/object when JSON_PRETTY_PRINT is set).
  • ldap:
  • Added new function ldap_modify_batch().
  • Fixed issue with null bytes in LDAP bindings.
  • litespeed:
  • Fixed bug #63228 (-Werror=format-security error in lsapi code).
  • Mail:
  • Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
  • Mcrypt:
  • No longer allow invalid key sizes, invalid IV sizes or missing required IV in mcrypt_encrypt, mcrypt_decrypt and the deprecated mode functions.
  • Use /dev/urandom as the default source for mcrypt_create_iv().
  • Mbstring:
  • Upgraded to oniguruma 5.9.5 (Anatol)
  • Fixed bug #67199 (mb_regex_encoding mismatch).
  • Milter:
  • Fixed bug #67715 (php-milter does not build and crashes randomly).
  • mysqli:
  • Added new function mysqli_get_links_stats() as well as new INI variable mysqli.rollback_on_cached_plink of type bool (Andrey)
  • Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed) (Remi)
  • Fixed building against an external libmysqlclient.
  • mysqlnd:
  • Disabled flag for SP OUT variables for 5.5+ servers as they are not natively supported by the overlying APIs.
  • Added a new fetching mode to mysqlnd.
  • Added support for gb18030 from MySQL 5.7.
  • Network:
  • Fixed bug #67717 (segfault in dns_get_record).
  • Fixed bug #67432 (Fix potential segfault in dns_get_record()).
  • OCI8:
  • Fixed Bug #66875 (Improve performance of multi-row OCI_RETURN_LOB queries) (Perrier, Chris Jones)
  • ODBC:
  • Fixed bug #60616 (odbc_fetch_into returns junk at end of multi-byte char fields).
  • OpenSSL:
  • Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).
  • Fixed bug #67609 (TLS connections fail behind HTTP proxy).
  • Fixed broken build against OpenSSL older than 0.9.8 where ECDH unavailable.
  • Fixed bug #67666 (Subject altNames doesn't support wildcard matching).
  • Fixed bug #67224 (Fall back to crypto_type from context if not specified explicitly in stream_socket_enable_crypto).
  • Fixed bug #65698 (certificates validity parsing does not work past 2050).
  • Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
  • Peer certificates now verified by default in client socket operations (RFC: http://wiki.php.net/rfc/tls-peer-verification).
  • New openssl.cafile and openssl.capath ini directives.
  • Added crypto_method option for the ssl stream context.
  • Added certificate fingerprint support.
  • Added explicit TLSv1.1 and TLSv1.2 stream transports.
  • Fixed bug #65729 (CN_match gives false positive).
  • Peer name verification matches SAN DNS names for certs using the Subject Alternative Name x509 extension.
  • Fixed segfault when built against OpenSSL>=1.0.1 (Daniel Lowrey)
  • Added SPKAC support.
  • Fallback to Windows CA cert store for peer verification if no openssl.cafile ini directive or "cafile" SSL context option specified in Windows.
  • The openssl.cafile and openssl.capath ini directives introduced in alpha2 now have PHP_INI_PERDIR accessibility (was PHP_INI_ALL).
  • New "peer_name" SSL context option replaces "CN_match" (which still works as before but triggers E_DEPRECATED).
  • Fixed segfault when accessing non-existent context for client SNI use (Daniel Lowrey)
  • Fixed bug #66501 (Add EC key support to php_openssl_is_private_key).
  • Fixed Bug #47030 (add new boolean "verify_peer_name" SSL context option allowing clients to verify cert names separately from the cert itself). "verify_peer_name" is enabled by default for client streams.
  • Fixed Bug #65538 ("cafile" SSL context option now supports stream wrappers).
  • New openssl_get_cert_locations() function to aid CA file and peer verification debugging.
  • Encrypted stream wrappers now disable TLS compression by default.
  • New "capture_session_meta" SSL context option allows encrypted client and server streams access to negotiated protocol/cipher information.
  • New "honor_cipher_order" SSL context option allows servers to prioritize cipher suites of their choosing when negotiating SSL/TLS handshakes.
  • New "single_ecdh_use" and "single_dh_use" SSL context options allow for improved forward secrecy in encrypted stream servers.
  • New "dh_param" SSL context option allows stream servers control over the parameters when negotiating DHE cipher suites.
  • New "ecdh_curve" SSL context option allowing stream servers to specify the curve to use when negotiating ephemeral ECDHE ciphers (defaults to NIST P-256).
  • New "rsa_key_size" SSL context option gives stream servers control over the key size (in bits) used for RSA key agreements.
  • Crypto methods for encrypted client and server streams now use bitwise flags for fine-grained protocol support.
  • Added new tlsv1.0 stream wrapper to specify TLSv1 client/server method. tls wrapper now negotiates TLSv1, TLSv1.1 or TLSv1.2.
  • Encrypted client streams now enable SNI by default.
  • Encrypted streams now prioritize ephemeral key agreement and high strength ciphers by default.
  • New OPENSSL_DEFAULT_STREAM_CIPHERS constant exposes default cipher list.
  • New STREAM_CRYPTO_METHOD_* constants for enhanced control over the crypto methods negotiated encrypted server/client sessions.
  • Encrypted stream servers now automatically mitigate potential DoS vector arising from client-initiated TLS renegotiation. New "reneg_limit", "reneg_window" and "reneg_limit_callback" SSL context options for custom renegotiation limiting control.
  • Fixed memory leak in windows cert verification on verify failure.
  • Peer certificate capturing via SSL context options now functions even if peer verification fails.
  • Encrypted TLS servers now support the server name indication TLS extension via the new "SNI_server_certs" SSL context option.
  • Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1).
  • Fix bug #66942 (memory leak in openssl_seal()).
  • Fix bug #66952 (memory leak in openssl_open()).
  • Fix bug #66840 (Fix broken build when extension built separately).
  • OPcache:
  • Added an optimization of class constants and constant calls to some internal functions (Laruence, Dmitry)
  • Added an optimization pass to convert FCALL_BY_NAME into DO_FCALL.
  • Added an optimization pass to merged identical constants (and related cache_slots) in op_array->literals table.
  • Added script level constant replacement optimization pass.
  • Added function opcache_is_script_cached().
  • Added information about interned strings usage.
  • Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault happen) (Dmitry, Laruence)
  • PCRE:
  • Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream).
  • Upgraded to PCRE 8.34.
  • Added support for (*MARK) backtracking verbs.
  • pgsql:
  • Fix bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756), which affected builds against libpq < 7.3.
  • pg_insert()/pg_select()/pg_update()/pg_delete() are no longer EXPERIMENTAL.
  • Impremented FR #25854 Return value for pg_insert should be resource instead of bool.
  • Implemented FR #41146 - Add "description" with exteneded flag pg_meta_data(). pg_meta_data(resource $conn, string $table [, bool extended]) It also made pg_meta_data() return "is enum" always.
  • Read-only access to the socket stream underlying database connections is exposed via a new pg_socket() function to allow read/write polling when establishing asynchronous connections and executing queries in non-blocking applications.
  • Asynchronous connections are now possible using the PGSQL_CONNECT_ASYNC flag in conjunction with a new pg_connect_poll() function and connection polling status constants.
  • New pg_flush() and pg_consume_input() functions added to manually complete non-blocking reads/writes to underlying connection sockets.
  • pg_version() returns full report which obtained by PQparameterStatus().
  • Added pg_lo_truncate().
  • Added 64bit large object support for PostgreSQL 9.3 and later.
  • Fixed bug #67555 (Cannot build against libpq 7.3).
  • phpdbg:
  • Fixed bug #67575 (Compilation fails for phpdbg when the build directory != src directory).
  • Fix Bug #67499 (readline feature not enabled when build with libedit).
  • Fix issue krakjoe/phpdbg#94 (List behavior is inconsistent).
  • Fix issue krakjoe/phpdbg#97 (The prompt should always ensure it is on a newline).
  • Fix issue krakjoe/phpdbg#98 (break if does not seem to work).
  • Fix issue krakjoe/phpdbg#99 (register function has the same behavior as run).
  • Fix issue krakjoe/phpdbg#100 (No way to list the current stack/frames) (Help entry was missing).
  • Fixed bug which caused phpdbg to fail immediately on startup in non-debug builds.
  • Fixed bug #67212 (phpdbg uses non-standard TIOCGWINSZ).
  • Included phpdbg sapi (RFC: http://wiki.php.net/rfc/phpdbg).
  • Added watchpoints (watch command).
  • Renamed some commands (next => continue and how to step).
  • Fixed issue #85 (http://github.com/krakjoe/phpdbg/issues/85) (Added stdin/stdout/stderr constants and their php:// wrappers).
  • PDO:
  • Fixed bug #66604 ('pdo/php_pdo_error.h' not copied to the include dir).
  • PDO-ODBC:
  • Fixed bug #50444 (PDO-ODBC changes for 64-bit).
  • PDO_pgsql:
  • Fixed Bug #42614 (PDO_pgsql: add pg_get_notify support).
  • Fixed Bug #63657 (pgsqlCopyFromFile, pgsqlCopyToArray use Postgres < 7.3 syntax).
  • Cleaned up code by increasing the requirements to libpq versions providing PQexecParams, PQprepare, PQescapeStringConn, PQescapeByteaConn. According to the release notes that means 8.0.8+ or 8.1.4+.
  • Deprecated PDO::PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT, an undocument constant effectively equivalent to PDO::ATTR_EMULATE_PREPARES.
  • Added PDO::PGSQL_ATTR_DISABLE_PREPARES constant to execute the queries without preparing them, while still passing parameters separately from the command text using PQexecParams.
  • PDO_firebird:
  • Fixed Bug #66071 (memory corruption in error handling) (Popa)
  • Phar:
  • Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name).
  • Fixed bug #67587 (Redirection loop on nginx with FPM).
  • readline:
  • Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt).
  • Fixed bug #67496 (Save command history when exiting interactive shell with control-c).
  • Reflection:
  • Implemented FR #67713 (loosen the restrictions on ReflectionClass::newInstanceWithoutConstructor()).
  • Session:
  • Fixed bug #67694 (Regression in session_regenerate_id()).
  • Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).
  • Fixed bug #66827 (Session raises E_NOTICE when session name variable is array).
  • Fixed Bug #65315 (session.hash_function silently fallback to default md5) (Yasuo)
  • Implemented Request #17860 (Session write short circuit).
  • Implemented Request #20421 (session_abort() and session_reset() function).
  • Remove session_gc() and session_serializer_name() wich were introduced in the first 5.6.0 alpha.
  • SimpleXML:
  • Fixed bug #66084 (simplexml_load_string() mangles empty node name) (Anatol)
  • SQLite:
  • Updated the bundled libsqlite to the version 3.8.3.1 (Anatol)
  • Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3).
  • SOAP:
  • Implemented FR #49898 (Add SoapClient::__getCookies()).
  • SPL:
  • Revert fix for bug #67064 (BC issues).
  • Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting).
  • Fixed bug #67538 (SPL Iterators use-after-free).
  • Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion) (CVE-2014-3515).
  • Fixed bug #67359 (Segfault in recursiveDirectoryIterator).
  • Fixed bug #66127 (Segmentation fault with ArrayObject unset).
  • Fixed request #67453 (Allow to unserialize empty data).
  • Added feature #65545 (SplFileObject::fread()) (Tjerk)
  • Fixed bug #66834 (empty() does not work on classes that extend ArrayObject) (Tjerk)
  • Fixed bug #66702 (RegexIterator::INVERT_MATCH does not invert).
  • Standard:
  • Implemented FR #65634 (HTTP wrapper is very slow with protocol_version 1.1).
  • Implemented Change crypt() behavior w/o salt RFC. (Yasuo) http://wiki.php.net/rfc/crypt_function_salt
  • Implemented request #49824 (Change array_fill() to allow creating empty array).
  • Streams:
  • Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects).
  • Tokenizer:
  • Fixed bug #67395 (token_name() does not return name for T_POW and T_POW_EQUAL token).
  • XMLReader:
  • Fixed bug #55285 (XMLReader::getAttribute/No/Ns methods inconsistency).
  • XSL:
  • Fixed bug #53965 ( cannot find files with relative paths when loaded with "file://").
  • Zip:
  • update libzip to version 1.11.2. PHP don't use any ilibzip private symbol anymore.
  • new method ZipArchive::setPassword($password).
  • add --with-libzip option to build with system libzip.
  • new methods: ZipArchive::setExternalAttributesName($name, $opsys, $attr [, $flags]) ZipArchive::setExternalAttributesIndex($idx, $opsys, $attr [, $flags]) ZipArchive::getExternalAttributesName($name, &$opsys, &$attr [, $flags]) ZipArchive::getExternalAttributesIndex($idx, &$opsys, &$attr [, $flags])
  • Zlib:
  • Fixed bug #67865 (internal corruption phar error). Mike
  • Fixed bug #67724 (chained zlib filters silently fail with large amounts of data).

New in PHP 5.5.16 (August 22nd, 2014)

  • COM:
  • Fixed missing type checks in com_event_sink.
  • Core:
  • Fixed bug #67693 (incorrect push to the empty array).
  • Fileinfo:
  • Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538).
  • Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587)).
  • FPM:
  • Fixed bug #67635 (php links to systemd libraries without using pkg-config).
  • GD:
  • Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497).
  • Fixed bug #67730 (Null byte injection possible with imagexxx functions). (CVE-2014-5120).
  • Milter:
  • Fixed bug #67715 (php-milter does not build and crashes randomly).
  • Network:
  • Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597).
  • OpenSSL:
  • Fixed missing type checks in OpenSSL options.
  • readline:
  • Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt).
  • Fixed bug #67496 (Save command history when exiting interactive shell with control-c).
  • Sessions:
  • Fixed missing type checks in php_session_create_id.
  • ODBC:
  • Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte char fields).

New in PHP 5.6.0 RC 4 (August 14th, 2014)

  • COM:
  • Fixed bug #41577 (DOTNET is successful once per server run) (Aidas Kasparas)
  • Core:
  • Fixed bug #67693 (incorrect push to the empty array)(Tjerk)
  • Removed inconsistency regarding behaviour of array in constants at run-time(Bob)
  • Fileinfo:
  • Fixed bug #67705 (extensive backtracking in rule regular expression)(CVE-2014-3538) (Remi)
  • FPM:
  • Fix bug #67606 (revised fix 67541, broke mod_fastcgi BC)(David Zuelke)
  • GD:
  • Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference)(CVE-2014-2497) (Remi)
  • Milter:
  • Fixed bug #67715 (php-milter does not build and crashes randomly)(Mike)
  • OpenSSL:
  • Fixed bug #41631 (socket timeouts not honored in blocking SSL reads) (Daniel Lowrey).
  • SPL:
  • Revert fix for bug #67064 (BC issues)(Bob)
  • Zlib:
  • Fixed bug #67724 (chained zlib filters silently fail with large amounts of data)(Mike)
  • Date:
  • Fixed bug #66091 (memory leaks in DateTime constructor) (Tjerk).

New in PHP 5.5.1.6 RC 1 (August 7th, 2014)

  • COM:
  • Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).
  • Fileinfo:
  • Fixed bug #67705 (extensive backtracking in rule regular expression). (CVE-2014-3538) (Remi)
  • FPM:
  • Fixed bug #67635 (php links to systemd libraries without using pkg-config). ([email protected], Remi)
  • GD:
  • Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). (CVE-2014-2497) (Remi)
  • Milter:
  • Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike)
  • OpenSSL:
  • Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).
  • readline:
  • Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt). (Bob, Johannes)
  • Fixed bug #67496 (Save command history when exiting interactive shell with control-c). (Dmitry Saprykin, Johannes)
  • Sessions:
  • Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).
  • Core:
  • Fixed bug #67693 (incorrect push to the empty array) (Tjerk)
  • ODBC:
  • Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte char fields). (Keyur)
  • Zlib:
  • Fixed bug #67724 (chained zlib filters silently fail with large amounts of data). (Mike)

New in PHP 5.6.0 RC 3 (August 1st, 2014)

  • Core:
  • Fixed bug #67497 (eval with parse error causes segmentation fault in generator). (Nikita)
  • Fixed bug #67151 (strtr with empty array crashes). (Nikita)
  • Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server 2012). (Christian Wenz)
  • Fixed bug #66608 (Incorrect behavior with nested "finally" blocks). (Laruence, Dmitry)
  • Implemented FR #34407 (ucwords and Title Case). (Tjerk)
  • COM:
  • Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas).
  • CLI server:
  • Fixed bug #66830 (Empty header causes PHP built-in web server to hang). (Adam)
  • Fixed bug #67594 (Unable to access to apache_request_headers() elements). (Tjerk)
  • FPM:
  • Fixed bug #67530 (error_log=syslog ignored). (Remi)
  • Fixed bug #67635 (php links to systemd libraries without using pkg-config). ([email protected], Remi)
  • Intl:
  • Fixed bug #66921 (Wrong argument type hint for function intltz_from_date_time_zone). (Stas)
  • Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting). (Stas)
  • pgsql:
  • Fixed bug #67555 (Cannot build against libpq 7.3). (Adam)
  • ODBC:
  • Fixed bug #60616 (odbc_fetch_into returns junk at end of multi-byte char fields). (Keyur Govande)
  • OpenSSL:
  • Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas).
  • Fixed bug #67609 (TLS connections fail behind HTTP proxy). (Daniel Lowrey)
  • Fixed broken build against OpenSSL older than 0.9.8 where ECDH unavailable. (Lior Kaplan)
  • Fixed bug #67666 (Subject altNames doesn't support wildcard matching). (Tjerk)
  • Phar:
  • Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)
  • readline:
  • Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt). (Bob, Johannes)
  • Fixed bug #67496 (Save command history when exiting interactive shell with control-c). (Dmitry Saprykin, Johannes)
  • Reflection:
  • Implemented FR #67713 (loosen the restrictions on ReflectionClass::newInstanceWithoutConstructor()). (Ferenc)
  • SPL:
  • Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (research at insighti dot org, Laruence)
  • Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)
  • Session:
  • Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas).
  • Fixed bug #66827 (Session raises E_NOTICE when session name variable is array). (Yasuo)
  • OPCache:
  • Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault happen) (Dmitry, Laruence)
  • phpdbg:
  • Fixed bug #67575 (Compilation fails for phpdbg when the build directory != src directory). (Andy Thompson)

New in PHP 5.5.15 (July 23rd, 2014)

  • Core:
  • Fixed bug #67428 (header('Location: foo') will override a 308-399 response code). (Adam)
  • Fixed bug #67436 (Autoloader isn't called if two method definitions don't match). (Bob)
  • Fixed bug #67091 (make install fails to install libphp5.so on FreeBSD 10.0). (Ferenc)
  • Fixed bug #67497 (eval with parse error causes segmentation fault in generator). (Nikita)
  • Fixed bug #67151 (strtr with empty array crashes). (Nikita)
  • Fixed bug #67407 (Windows 8.1/Server 2012 R2 reported as Windows 8/Server 2012). (Christian Wenz)
  • CLI server:
  • Implemented FR #67429 (CLI server is missing some new HTTP response codes). (Adam)
  • Fixed bug #66830 (Empty header causes PHP built-in web server to hang). (Adam)
  • FPM:
  • Fixed bug #67530 (error_log=syslog ignored). (Remi)
  • Fixed bug #67531 (syslog cannot be set in pool configuration). (Remi)
  • Intl:
  • Fixed bug #66921 (Wrong argument type hint for function intltz_from_date_time_zone). (Stas)
  • Fixed bug #67052 (NumberFormatter::parse() resets LC_NUMERIC setting). (Stas)
  • OPCache:
  • Fixed bug #67215 (php-cgi work with opcache, may be segmentation fault happen) (Dmitry, Laruence)
  • pgsql:
  • Fixed bug #67550 (Error in code "form" instead of "from", pgsql.c, line 756), which affected builds against libpq < 7.3. (Adam)
  • Phar:
  • Fixed bug #67587 (Redirection loop on nginx with FPM). (Christian Weiske)
  • SPL:
  • Fixed bug #67539 (ArrayIterator use-after-free due to object change during sorting). (research at insighti dot org, Laruence)
  • Fixed bug #67538 (SPL Iterators use-after-free). (CVE-2014-4670) (Laruence)
  • Streams:
  • Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)

New in PHP 5.5.14 (June 30th, 2014)

  • CLI server:
  • Fixed bug #67406 (built-in web-server segfaults on startup).
  • Core:
  • Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases).
  • Fixed bug #67390 (insecure temporary file use in the configure script). (CVE-2014-3981).
  • Fixed bug #67399 (putenv with empty variable may lead to crash).
  • Fixed bug #67498 (phpinfo() Type Confusion Information Leak Vulnerability).
  • Fixed BC break introduced by patch for bug #67072.
  • Date:
  • Fixed bug #67308 (Serialize of DateTime truncates fractions of second).
  • Fixed regression in fix for bug #67118 (constructor can't be called twice).
  • Fileinfo:
  • Fixed bug #67326 (cdf_read_short_sector insufficient boundary check). (CVE-2014-0207)).
  • Fixed bug #67410 (mconvert incorrect handling of truncated pascal string size). (CVE-2014-3478).
  • Fixed bug #67411 (cdf_check_stream_offset insufficient boundary check). (CVE-2014-3479).
  • Fixed bug #67412 (cdf_count_chain insufficient boundary check). (CVE-2014-3480).
  • Fixed bug #67413 (cdf_read_property_info insufficient boundary check). (CVE-2014-3487).
  • Intl:
  • Fixed bug #67349 (Locale::parseLocale Double Free).
  • Fixed bug #67397 (Buffer overflow in locale_get_display_name and uloc_getDisplayName (libicu 4.8.1)).
  • Network:
  • Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049)).
  • OPCache:
  • Fixed issue #183 (TMP_VAR is not only used once).
  • OpenSSL:
  • Fixed bug #65698 (certificates validity parsing does not work past 2050).
  • Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME).
  • PDO-ODBC:
  • Fixed bug #50444 (PDO-ODBC changes for 64-bit).
  • SOAP:
  • Implemented FR #49898 (Add SoapClient::__getCookies()).
  • SPL:
  • Fixed bug #66127 (Segmentation fault with ArrayObject unset).
  • Fixed bug #67359 (Segfault in recursiveDirectoryIterator).
  • Fixed bug #67360 (Missing element after ArrayObject::getIterator).
  • Fixed bug #67492 (unserialize() SPL ArrayObject / SPLObjectStorage Type Confusion). (CVE-2014-3515).

New in PHP 5.6.0 RC 1 (June 20th, 2014)

  • Core:
  • Implemented FR #64744 (Differentiate between member function call on a null and non-null, non-objects). (Boro Sitnikovski)
  • Fixed bug #67436 (Autoloader isn't called if two method definitions don't match). (Bob)
  • Fixed bug #66622 (Closures do not correctly capture the late bound class (static::) in some cases). (Levi Morrison)
  • Fixed bug #67390 (insecure temporary file use in the configure script). (Remi) (CVE-2014-3981)
  • Fixed bug #67392 (dtrace breaks argument unpack). (Nikita)
  • Fixed bug #67428 (header('Location: foo') will override a 308-399 response code). (Adam)
  • Fixed bug #67433 (SIGSEGV when using count() on an object implementing Countable). (Matteo)
  • Fixed bug #67399 (putenv with empty variable may lead to crash). (Stas)
  • CLI server:
  • Implemented FR #67429 (CLI server is missing some new HTTP response codes). (Adam)
  • Fixed Bug #67406 (built-in web-server segfaults on startup). (Remi)
  • Fileinfo:
  • Fixed bug #67410 (fileinfo: mconvert incorrect handling of truncated pascal string size). (Francisco Alonso, Jan Kaluza, Remi)
  • Fixed bug #67411 (fileinfo: cdf_check_stream_offset insufficient boundary check). (Francisco Alonso, Jan Kaluza, Remi)
  • Fixed bug #67412 (fileinfo: cdf_count_chain insufficient boundary check). (Francisco Alonso, Jan Kaluza, Remi)
  • Fixed bug #67413 (fileinfo: cdf_read_property_info insufficient boundary check). (Francisco Alonso, Jan Kaluza, Remi)
  • mysqlnd:
  • Added support for gb18030 from MySQL 5.7. (Andrey)
  • Network:
  • Fixed bug #67432 (Fix potential segfault in dns_get_record()). (CVE-2014-4049). (Sara)
  • OpenSSL:
  • Fixed bug #65698 (certificates validity parsing does not work past 2050). (Paul Oehler)
  • Fixed bug #66636 (openssl_x509_parse warning with V_ASN1_GENERALIZEDTIME). (Paul Oehler)
  • phpdbg:
  • Fixed bug #67212 (phpdbg uses non-standard TIOCGWINSZ). (Ferenc)
  • SOAP:
  • Implemented FR #49898 (Add SoapClient::__getCookies()). (Boro Sitnikovski)
  • SPL:
  • Fixed bug #66127 (Segmentation fault with ArrayObject unset). (Stas)
  • Fixed request #67453 (Allow to unserialize empty data). (Remi)
  • Streams:
  • Fixed bug #67430 (http:// wrapper doesn't follow 308 redirects). (Adam)
  • Tokenizer:
  • Fixed bug #67395 (token_name() does not return name for T_POW and T_POW_EQUAL token). (Ferenc)

New in PHP 5.6.0 Beta 4 (June 5th, 2014)

  • Core:
  • Fixed bug #67249 (printf out-of-bounds read). (Stas)
  • Date:
  • Fixed bug #67308 (Serialize of DateTime truncates fractions of second). (Adam)
  • Fileinfo:
  • Fixed bug #67327 (fileinfo: CDF infinite loop in nelements DoS).
  • Fixed bug #67328 (fileinfo: fileinfo: numerous file_printf calls resulting in performance degradation).
  • Fixed bug #67326 (fileinfo: cdf_read_short_sector insufficient boundary check).
  • Fixed bug #67329 (fileinfo: NULL pointer deference flaw by processing certain CDF files).
  • SPL:
  • Fixed bug #67359 (Segfault in recursiveDirectoryIterator). (Laruence)
  • phpdbg:
  • Fixed bug which caused phpdbg to fail immediately on startup in non-debug builds. (Bob)

New in PHP 5.5.13 (May 27th, 2014)

  • CLI server:
  • Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol)
  • COM:
  • Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)
  • Core:
  • Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()). (Boro Sitnikovski)
  • Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
  • Fixed bug #67245 (usage of memcpy() with overlapping src and dst in zend_exceptions.c). (Bob)
  • Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
  • Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
  • Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
  • Curl:
  • Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)
  • Date:
  • Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
  • Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
  • Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
  • DOM:
  • Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol)
  • Fileinfo:
  • Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
  • FPM:
  • Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos)
  • GD:
  • Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)
  • PCRE:
  • Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream). (Anatol)
  • Phar:
  • Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588)

New in PHP 5.6.0 Beta 3 (May 16th, 2014)

  • A bug fix-only release.

New in PHP 5.5.13 RC 1 (May 15th, 2014)

  • CLI server:
  • Fixed bug #67079 (Missing MIME types for XML/XSL files). (Anatol)
  • COM:
  • Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)). (Anatol)
  • Core:
  • Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()). (Boro Sitnikovski)
  • Fixed bug #67072 (Echoing unserialized "SplFileObject" crash). (Anatol)
  • Fixed bug #67245 (usage of memcpy() with overlapping src and dst in zend_exceptions.c). (Bob)
  • Fixed bug #67247 (spl_fixedarray_resize integer overflow). (Stas)
  • Fixed bug #67250 (iptcparse out-of-bounds read). (Stas)
  • Fixed bug #67252 (convert_uudecode out-of-bounds read). (Stas)
  • Curl:
  • Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)
  • Date:
  • Fixed bug #67118 (DateTime constructor crash with invalid data). (Anatol)
  • Fixed bug #67251 (date_parse_from_format out-of-bounds read). (Stas)
  • Fixed bug #67253 (timelib_meridian_with_check out-of-bounds read). (Stas)
  • DOM:
  • Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset). (Anatol)
  • Fileinfo:
  • Fixed bug #66307 (Fileinfo crashes with powerpoint files). (Anatol)
  • FPM:
  • Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor). (Julio Pintos)
  • GD:
  • Fixed bug #67248 (imageaffinematrixget missing check of parameters). (Stas)
  • PCRE:
  • Fixed bug #67238 (Ungreedy and min/max quantifier bug, applied patch from the upstream). (Anatol)
  • Phar:
  • Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588)

New in PHP 5.6.0 Beta 2 (May 2nd, 2014)

  • CLI server:
  • Fixed bug #67079 (Missing MIME types for XML/XSL files).
  • COM:
  • Fixed bug #66431 (Special Character via COM Interface (CP_UTF8)).
  • Core:
  • Fixed bug #65701 (copy() doesn't work when destination filename is created by tempnam()).
  • Fixed bug #66015 (Unexpected array indexing in class's static property).
  • Added (constant) string/array dereferencing to static scalar expressions to complete the set; now possible thanks to bug #66015 being fixed.
  • Fixed bug #66568 (Update reflection information for unserialize() function).
  • Fixed bug #66660 (Composer.phar install/update fails).
  • Fixed bug #67024 (getimagesize should recognize BMP files with negative height).
  • Fixed bug #67064 (Countable interface prevents using 2nd parameter ($mode) of count() function).
  • Fixed bug #67072 (Echoing unserialized "SplFileObject" crash).
  • Fixed bug #67033 (Remove reference to Windows 95).
  • cURL:
  • Fixed bug #64247 (CURLOPT_INFILE doesn't allow reset). (Mike)
  • Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent).
  • Date:
  • Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is supplied).
  • Fixed bug #67118 (DateTime constructor crash with invalid data).
  • DOM:
  • Fixed bug #67081 (DOMDocumentType->internalSubset returns entire DOCTYPE tag, not only the subset).
  • Fileinfo:
  • Fixed bug #66907 (Solaris 10 is missing strcasestr and needs substitute).
  • Fixed bug #66307 (Fileinfo crashes with powerpoint files).
  • FPM:
  • Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
  • Fixed bug #66908 (php-fpm reload leaks epoll_create() file descriptor).
  • Fixed bug #67060 (sapi/fpm: possible privilege escalation due to insecure default configuration) (CVE-2014-0185).
  • GMP:
  • Fixed crashes in serialize/unserialize.
  • JSON:
  • Fixed bug #66021 (Blank line inside empty array/object when JSON_PRETTY_PRINT is set).
  • LDAP:
  • Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
  • litespeed
  • Fixed bug #63228 (-Werror=format-security error in lsapi code).
  • mysqlnd:
  • Added a new fetching mode to mysqlnd.
  • OpenSSL:
  • Fix bug #66942 (memory leak in openssl_seal()).
  • Fix bug #66952 (memory leak in openssl_open()).
  • Fix bug #66840 (Fix broken build when extension built separately).
  • phpdbg:
  • Added watchpoints (watch command).
  • Renamed some commands (next => continue and how to step).
  • Fixed issue #85 (http://github.com/krakjoe/phpdbg/issues/85).
  • PDO:
  • Fixed bug #66604 ('pdo/php_pdo_error.h' not copied to the include dir).
  • PDO-ODBC:
  • Fixed bug #50444 (PDO-ODBC changes for 64-bit).
  • Phar:
  • Fix bug #64498 ($phar->buildFromDirectory can't compress file with an accent in its name). (PR #588)
  • SQLite:
  • Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3).
  • Apache2 Handler SAPI:
  • Fixed Apache log issue caused by APR's lack of support for %zu (APR issue http://issues.apache.org/bugzilla/show_bug.cgi?id=56120).

New in PHP 5.5.12 (May 1st, 2014)

  • Core:
  • Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
  • Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets). (Mike)
  • Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
  • Fixed bug #66736 (fpassthru broken). (Mike)
  • Fixed bug #67024 (getimagesize should recognize BMP files with negative height). (Gabor Buella)
  • Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)
  • cURL:
  • Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent). (Freek Lijten)
  • Date:
  • Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is supplied). (Boro Sitnikovski)
  • Embed:
  • Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).
  • Fileinfo:
  • Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian). (Remi)
  • FPM:
  • Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
  • Fixed bug #67060 (possible privilege escalation due to insecure default configuration). (CVE-2014-0185) (christian at hoffie dot info)
  • JSON:
  • Fixed bug #66021 (Blank line inside empty array/object when JSON_PRETTY_PRINT is set). (Kevin Israel)
  • LDAP:
  • Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
  • mysqli:
  • Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter (extra comma) and third parameters (lack of escaping). (Andrey)
  • OpenSSL:
  • Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
  • Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
  • SimpleXML:
  • Fixed bug #66084 (simplexml_load_string() mangles empty node name) (Anatol)
  • SQLite:
  • Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol)
  • XSL:
  • Fixed bug #53965 ( cannot find files with relative paths when loaded with "file://"). (Anatol)
  • Apache2 Handler SAPI:
  • Fixed Apache log issue caused by APR's lack of support for %zu (APR issue http://issues.apache.org/bugzilla/show_bug.cgi?id=56120). (Jeff Trawick)

New in PHP 5.5.12 RC 1 (April 18th, 2014)

  • Core:
  • Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
  • Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets). (Mike)
  • Fixed bug #64604 (parse_url is inconsistent with specified port). (Ingo Walz)
  • Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
  • Fixed bug #66736 (fpassthru broken). (Mike)
  • Fixed bug #67024 (getimagesize should recognize BMP files with negative height). (Gabor Buella)
  • Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)
  • cURL:
  • Fixed bug #66562 (curl_exec returns differently than curl_multi_getcontent). (Freek Lijten)
  • Date:
  • Fixed bug #66721 (__wakeup of DateTime segfaults when invalid object data is supplied). (Boro Sitnikovski)
  • Embed:
  • Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).
  • Fileinfo:
  • Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian). (Remi)
  • FPM:
  • Fixed bug #66482 (unknown entry 'priority' in php-fpm.conf).
  • JSON:
  • Fixed bug #66021 (Blank line inside empty array/object when JSON_PRETTY_PRINT is set). (Kevin Israel)
  • LDAP:
  • Fixed issue with null bytes in LDAP bindings. (Matthew Daley)
  • mysqli:
  • Fixed problem in mysqli_commit()/mysqli_rollback() with second parameter (extra comma) and third parameters (lack of escaping). (Andrey)
  • OpenSSL:
  • Fix bug #66942 (memory leak in openssl_seal()). (Chuan Ma)
  • Fix bug #66952 (memory leak in openssl_open()). (Chuan Ma)
  • SimpleXML:
  • Fixed bug #66084 (simplexml_load_string() mangles empty node name) (Anatol)
  • SQLite:
  • Fixed bug #66967 (Updated bundled libsqlite to 3.8.4.3). (Anatol)
  • XSL:
  • Fixed bug #53965 ( cannot find files with relative paths when loaded with "file://"). (Anatol)
  • Apache2 Handler SAPI:
  • Fixed Apache log issue caused by APR's lack of support for %zu (APR issue http://issues.apache.org/bugzilla/show_bug.cgi?id=56120). (Jeff Trawick)

New in PHP 5.6.0 Beta 1 (April 12th, 2014)

  • Highlights:
  • A new method called fread() to the SplFileObject class
  • A new static method called createFromMutable() to the DateTimeImmutable class
  • A new function called hash_compare()
  • Support for marks to the PCRE extension
  • Support for asynchronous connections and queries to the Pgsql extension
  • Core:
  • Allow zero length comparison in substr_compare() (Tjerk)
  • Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
  • Fixed bug #61019 (Out of memory on command stream_get_contents). (Mike)
  • Fixed bug #64330 (stream_socket_server() creates wrong Abstract Namespace UNIX sockets). (Mike)
  • Fixed bug #66182 (exit in stream filter produces segfault). (Mike)
  • Fixed bug #66736 (fpassthru broken). (Mike)
  • Fixed bug #66822 (Cannot use T_POW in const expression) (Tjerk)
  • Fixed bug #67043 (substr_compare broke by previous change) (Tjerk)
  • SPL:
  • Added feature #65545 (SplFileObject::fread()) (Tjerk)
  • Fixed bug #66834 (empty() does not work on classes that extend ArrayObject) (Tjerk)
  • Fixed bug #66702 (RegexIterator::INVERT_MATCH does not invert). (Joshua Thijssen)
  • cURL:
  • Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour) (Tjerk)
  • Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive. (Adam)
  • Date:
  • Added DateTimeImmutable::createFromMutable to create a DateTimeImmutable object from an existing DateTime (mutable) object (Derick)
  • Embed:
  • Fixed bug #65715 (php5embed.lib isn't provided anymore). (Anatol).
  • Fileinfo:
  • Fixed bug #66820 (out-of-bounds memory access in fileinfo) (CVE-2014-2270). (Remi)
  • Fixed bug #66946i (fileinfo: extensive backtracking in awk rule regular expression). (CVE-2013-7345) (Remi)
  • Fixed bug #66987 (Memory corruption in fileinfo ext / bigendian). (Remi)
  • GD:
  • Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer CVE-2013-7327). (Tomas Hoger, Remi).
  • Fixed #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre)
  • Fixed bug #66887 (imagescale poor quality of scaled image). (Remi)
  • Fixed bug #66890 (imagescale segfault). (Remi)
  • Fixed bug #66893 (imagescale ignore method argument). (Remi)
  • GMP:
  • Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)
  • Hash:
  • Fixed bug #66698 (Missing FNV1a32 and FNV1a64 hash functions). (Michael M Slusarz).
  • Implemented timing attack safe string comparison function (RFC: http://wiki.php.net/rfc/timing_attack). (Rouven Weßling)
  • hash_pbkdf2() now works correctly if the $length argument is not specified. (Nikita)
  • Intl:
  • Fixed bug #66873 (A reproductible crash in UConverter when given invalid encoding) (Stas)
  • Mail:
  • Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
  • Mbstring:
  • Upgraded to oniguruma 5.9.5 (Anatol)
  • Mcrypt:
  • No longer allow invalid key sizes, invalid IV sizes or missing required IV in mcrypt_encrypt, mcrypt_decrypt and the deprecated mode functions. (Nikita)
  • Use /dev/urandom as the default source for mcrypt_create_iv(). (Nikita)
  • MySQLi:
  • Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed) (Remi)
  • OCI8:
  • Fixed Bug #66875 (Improve performance of multi-row OCI_RETURN_LOB queries)
  • (Perrier, Chris Jones)
  • OpenSSL:
  • Fixed memory leak in windows cert verification on verify failure. (Chris Wright)
  • Peer certificate capturing via SSL context options now functions even if peer verification fails. (Daniel Lowrey)
  • Encrypted TLS servers now support the server name indication TLS extension via the new "SNI_server_certs" SSL context option. (Daniel Lowrey)
  • Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)
  • PCRE:
  • Added support for (*MARK) backtracking verbs. (Nikita)
  • PDO_firebird:
  • Fixed Bug #66071 (memory corruption in error handling) (Popa)
  • PDO_pgsql:
  • Cleaned up code by increasing the requirements to libpq versions providing PQexecParams, PQprepare, PQescapeStringConn, PQescapeByteaConn. According to the release notes that means 8.0.8+ or 8.1.4+. (Matteo)
  • Deprecated PDO::PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT, an undocument constant effectively equivalent to PDO::ATTR_EMULATE_PREPARES. (Matteo)
  • Added PDO::PGSQL_ATTR_DISABLE_PREPARES constant to execute the queries without preparing them, while still passing parameters separately from the command text using PQexecParams. (Matteo)
  • Pgsql:
  • Read-only access to the socket stream underlying database connections is exposed via a new pg_socket() function to allow read/write polling when establishing asynchronous connections and executing queries in non-blocking applications. (Daniel Lowrey)
  • Asynchronous connections are now possible using the PGSQL_CONNECT_ASYNC flag in conjunction with a new pg_connect_poll() function and connection polling status constants. (Daniel Lowrey)
  • New pg_flush() and pg_consume_input() functions added to manually complete non-blocking reads/writes to underlying connection sockets. (Daniel Lowrey)
  • Session:
  • Remove session_gc() and session_serializer_name() wich were introduced in the first 5.6.0 alpha.
  • SimpleXML:
  • Fixed bug #66084 (simplexml_load_string() mangles empty node name) (Anatol)
  • SQLite:
  • Updated the bundled libsqlite to the version 3.8.3.1 (Anatol)
  • XSL:
  • Fixed bug #53965 ( cannot find files with relative paths when loaded with "file://"). (Anatol)

New in PHP 5.6.0 Alpha 3 (April 4th, 2014)

  • Core:
  • Expose get_debug_info class hook as __debugInfo() magic method. (Sara)
  • Implemented unified default encoding (RFC: http://wiki.php.net/rfc/default_encoding). (Yasuo Ohgaki)
  • Curl:
  • Check for openssl.cafile ini directive when loading CA certs. (Daniel Lowrey)
  • Remove cURL close policy related constants as these have no effect and are no longer used in libcurl. (Chris Wright)
  • Fileinfo:
  • Upgraded to libmagic-5.17 (Anatol)
  • Fixed bug #66731 (file: infinite recursion). (CVE-2014-1943) (Remi)
  • FPM:
  • Added clear_env configuration directive to disable clearenv() call. (Github PR# 598, Paul Annesley)
  • GD:
  • Fixed imagettftext to load the correct character map rather than the last one. (Scott)
  • Fixed bug #66714 ( imageconvolution breakage). (Brad Daily)
  • JSON:
  • Fixed bug #65753 (JsonSerializeable couldn't implement on module extension) ([email protected])
  • OPCache:
  • Added function opcache_is_script_cached(). (Danack)
  • Added information about interned strings usage. (Terry, Julien, Dmitry)
  • Openssl:
  • Fallback to Windows CA cert store for peer verification if no openssl.cafile ini directive or "cafile" SSL context option specified in Windows. (Chris Wright)
  • The openssl.cafile and openssl.capath ini directives introduced in alpha2 now have PHP_INI_PERDIR accessibility (was PHP_INI_ALL). (Daniel Lowrey)
  • New "peer_name" SSL context option replaces "CN_match" (which still works as before but triggers E_DEPRECATED). (Daniel Lowrey)
  • Fixed segfault when accessing non-existent context for client SNI use (Daniel Lowrey)
  • Fixed bug #66501 (Add EC key support to php_openssl_is_private_key). (Mark Zedwood)
  • Fixed Bug #47030 (add new boolean "verify_peer_name" SSL context option allowing clients to verify cert names separately from the cert itself). "verify_peer_name" is enabled by default for client streams. (Daniel Lowrey)
  • Fixed Bug #65538 ("cafile" SSL context option now supports stream wrappers). (Daniel Lowrey)
  • New openssl_get_cert_locations() function to aid CA file and peer verification debugging. (Daniel Lowrey)
  • Encrypted stream wrappers now disable TLS compression by default. (Daniel Lowrey)
  • New "capture_session_meta" SSL context option allows encrypted client and server streams access to negotiated protocol/cipher information. (Daniel Lowrey)
  • New "honor_cipher_order" SSL context option allows servers to prioritize cipher suites of their choosing when negotiating SSL/TLS handshakes. (Daniel Lowrey)
  • New "single_ecdh_use" and "single_dh_use" SSL context options allow for improved forward secrecy in encrypted stream servers. (Daniel Lowrey)
  • New "dh_param" SSL context option allows stream servers control over the parameters when negotiating DHE cipher suites. (Daniel Lowrey)
  • New "ecdh_curve" SSL context option allowing stream servers to specify the curve to use when negotiating ephemeral ECDHE ciphers (defaults to NIST P-256). (Daniel Lowrey)
  • New "rsa_key_size" SSL context option gives stream servers control over the key size (in bits) used for RSA key agreements. (Daniel Lowrey)
  • Crypto methods for encrypted client and server streams now use bitwise flags for fine-grained protocol support. (Daniel Lowrey)
  • Added new tlsv1.0 stream wrapper to specify TLSv1 client/server method. tls wrapper now negotiates TLSv1, TLSv1.1 or TLSv1.2. (Daniel Lowrey)
  • Encrypted client streams now enable SNI by default. (Daniel Lowrey)
  • Encrypted streams now prioritize ephemeral key agreement and high strength ciphers by default. (Daniel Lowrey)
  • New OPENSSL_DEFAULT_STREAM_CIPHERS constant exposes default cipher list. (Daniel Lowrey)
  • New STREAM_CRYPTO_METHOD_* constants for enhanced control over the crypto methods negotiated encrypted server/client sessions. (Daniel Lowrey)
  • Encrypted stream servers now automatically mitigate potential DoS vector arising from client-initiated TLS renegotiation. New "reneg_limit", "reneg_window" and "reneg_limit_callback" SSL context options for custom renegotiation limiting control. (Daniel Lowrey)
  • Pgsql:
  • pg_insert()/pg_select()/pg_update()/pg_delete() are no longer EXPERIMENTAL. (Yasuo)
  • Impremented FR #25854 Return value for pg_insert should be resource instead of bool. (Yasuo)
  • Implemented FR #41146 Add "description" with exteneded flag pg_meta_data(). pg_meta_data(resource $conn, string $table [, bool extended]) It also made pg_meta_data() return "is enum" always. (Yasuo)

New in PHP 5.5.11 (April 4th, 2014)

  • Core:
  • Fixed bug #60602 (proc_open() changes environment array).
  • Allow zero length comparison in substr_compare().
  • cURL:
  • Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour).
  • Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive.
  • Fileinfo:
  • Fixed bug #66946 (fileinfo: extensive backtracking in awk rule regular expression (CVE-2013-7345)).
  • FPM:
  • Added clear_env configuration directive to disable clearenv() call.
  • GD:
  • Fixed bug #66714 (imageconvolution breakage).
  • Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget).
  • Fixed bug #66887 (imagescale - poor quality of scaled image).
  • Fixed bug #66890 (imagescale segfault).
  • Fixed bug #66893 (imagescale ignore method argument).
  • GMP:
  • Fixed bug #66872 (invalid argument crashes gmp_testbit).
  • Hash:
  • hash_pbkdf2() now works correctly if the $length argument is not specified.
  • Intl:
  • Fixed bug #66873 A reproductible crash in UConverter when given invalid encoding.
  • Mail:
  • Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script).
  • MySQLi:
  • Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed).
  • OPCache:
  • Added function opcache_is_script_cached().
  • Added information about interned strings usage.
  • Openssl:
  • Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1).
  • SQLite:
  • Updated bundled libsqlite to 3.8.3.1.
  • SPL:
  • Added feature #65545 (SplFileObject::fread()).

New in PHP 5.5.11 RC 1 (March 19th, 2014)

  • Core:
  • Allow zero length comparison in substr_compare() (Tjerk)
  • Fixed bug #60602 (proc_open() changes environment array) (Tjerk)
  • SPL:
  • Added feature #65545 (SplFileObject::fread()) (Tjerk)
  • cURL:
  • Fixed bug #66109 (Can't reset CURLOPT_CUSTOMREQUEST to default behaviour) (Tjerk)
  • Fix compilation on libcurl versions between 7.10.5 and 7.12.2, inclusive. (Adam)
  • FPM:
  • Added clear_env configuration directive to disable clearenv() call. (Github PR# 598, Paul Annesley)
  • GD:
  • Fixed bug #66714 (imageconvolution breakage). (Brad Daily)
  • Fixed bug #66869 (Invalid 2nd argument crashes imageaffinematrixget) (Pierre)
  • Fixed bug #66887 (imagescale poor quality of scaled image). (Remi)
  • Fixed bug #66890 (imagescale segfault). (Remi)
  • Fixed bug #66893 (imagescale ignore method argument). (Remi)
  • Hash:
  • hash_pbkdf2() now works correctly if the $length argument is not specified. (Nikita)
  • Intl:
  • Fixed bug #66873 (A reproductible crash in UConverter when given invalid encoding) (Stas)
  • Mail:
  • Fixed bug #66535 (Don't add newline after X-PHP-Originating-Script) (Tjerk)
  • MySQLi:
  • Fixed bug #66762 (Segfault in mysqli_stmt::bind_result() when link closed) (Remi)
  • OPCache:
  • Added function opcache_is_script_cached(). (Danack)
  • Added information about interned strings usage. (Terry, Julien, Dmitry)
  • Openssl:
  • Fixed bug #66833 (Default disgest algo is still MD5, switch to SHA1). (Remi)
  • GMP:
  • Fixed bug #66872 (invalid argument crashes gmp_testbit) (Pierre)
  • SQLite:
  • Updated bundled libsqlite to 3.8.3.1 (Anatol)

New in PHP 5.5.10 (March 6th, 2014)

  • Core:
  • Fixed Request #66574i (Allow multiple paths in php_ini_scanned_path). (Remi)
  • Date:
  • Fixed bug #45528 (Allow the DateTimeZone constructor to accept timezones per offset too). (Derick)
  • Fileinfo:
  • Fixed bug #66731 (file: infinite recursion) (CVE-2014-1943). (Remi)
  • Fixed bug #66820 (out-of-bounds memory access in fileinfo). (Remi)
  • GD:
  • Fixed bug #66815 (imagecrop(): insufficient fix for NULL defer CVE-2013-7327). (Tomas Hoger, Remi)
  • JSON:
  • Fixed bug #65753 (JsonSerializeable couldn't implement on module extension) ([email protected])
  • LDAP:
  • Implemented ldap_modify_batch (http://wiki.php.net/rfc/ldap_modify_batch). (Ondřej Hošek)
  • Openssl:
  • Fixed bug #66501 (Add EC key support to php_openssl_is_private_key). (Mark Zedwood)
  • PCRE:
  • Upgraded to PCRE 8.34. (Anatol)
  • Pgsql:
  • Added warning for dangerous client encoding and remove possible injections for pg_insert()/pg_update()/pg_delete()/pg_select(). (Yasuo)

New in PHP 5.5.10 RC 1 (February 20th, 2014)

  • Core:
  • Fixed Request #66574i (Allow multiple paths in php_ini_scanned_path). (Remi)
  • Date:
  • Fixed bug #45528 (Allow the DateTimeZone constructor to accept timezones per offset too). (Derick)
  • Fileinfo:
  • Bug #66731 (file: infinite recursion) (CVE-2014-1943). (Remi)
  • JSON:
  • Fixed bug #65753 (JsonSerializeable couldn't implement on module extension) ([email protected])
  • LDAP:
  • Implemented ldap_modify_batch (http://wiki.php.net/rfc/ldap_modify_batch). (Ondřej Hošek)
  • Openssl:
  • Fixed bug #66501 (Add EC key support to php_openssl_is_private_key). (Mark Zedwood)
  • PCRE:
  • Upgraded to PCRE 8.34. (Anatol)
  • Pgsql:
  • Added warning for dangerous client encoding and remove possible injections for pg_insert()/pg_update()/pg_delete()/pg_select(). (Yasuo)

New in PHP 5.6.0 Alpha 2 (February 15th, 2014)

  • Peer certificates are now verified by default when connecting to SSL/TLS servers
  • An exponentiation operator has been added:
  • Output encoding handling has been simplified by using default_charset as the default character encoding

New in PHP 5.5.9 (February 5th, 2014)

  • Core:
  • Fixed bug #66509 (copy() arginfo has changed starting from 5.4). (willfitch)
  • GD:
  • Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()). (Laruence, Remi)
  • OPCache:
  • Fixed bug #66474 (Optimizer bug in constant string to boolean conversion). (Dmitry)
  • Fixed bug #66461 (PHP crashes if opcache.interned_strings_buffer=0). (Dmitry)
  • Fixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style ^M as lineend). (Laruence)
  • PDO_pgsql:
  • Fixed bug #62479 (PDO-psql cannot connect if password contains
  • spaces) (willfitch, iliaa)
  • Readline:
  • Fixed Bug #66412 (readline_clear_history() with libedit causes segfault after #65714). (Remi)
  • Session:
  • Fixed bug #66469 (Session module is sending multiple set-cookie headers when session.use_strict_mode=1) (Yasuo)
  • Fixed bug #66481 (Segfaults on session_name()). (cmcdermottroe at engineyard dot com, Yasuo)
  • Standard:
  • Fixed bug #66395 (basename function doesn't remove drive letter). (Anatol)
  • Sockets:
  • Fixed bug #66381 (__ss_family was changed on AIX 5.3). (Felipe)
  • Zend Engine:
  • Fixed bug #66009 (Failed compilation of PHP extension with C++ std library using VS 2012). (Anatol)

New in PHP 5.6.0 Alpha 1 (January 25th, 2014)

  • New features:
  • constant scalar expressions,
  • variadic functions,
  • argument unpacking,
  • support for large(>2GiB) file uploads,
  • SSL/TLS improvements,
  • a new command line debugger called phpdbg.

New in PHP 5.5.9 RC 1 (January 24th, 2014)

  • Core:
  • Fixed bug #66509 (copy() arginfo has changed starting from 5.4). (willfitch)
  • GD:
  • Fixed bug #66356 (Heap Overflow Vulnerability in imagecrop()). (Laruence, Remi)
  • OPCache:
  • Fixed bug #66474 (Optimizer bug in constant string to boolean conversion). (Dmitry)
  • Fixed bug #66461 (PHP crashes if opcache.interned_strings_buffer=0). (Dmitry)
  • Fixed bug #66298 (ext/opcache/Optimizer/zend_optimizer.c has dos-style ^M as lineend). (Laruence)
  • PDO_pgsql:
  • Fixed bug #62479 (PDO-psql cannot connect if password contains
  • spaces) (willfitch, iliaa)
  • Readline
  • Fixed Bug #66412 (readline_clear_history() with libedit causes segfault after #65714). (Remi)
  • Session:
  • Fixed bug #66469 (Session module is sending multiple set-cookie headers when session.use_strict_mode=1) (Yasuo)
  • Fixed bug #66481 (Segfaults on session_name()). (cmcdermottroe at engineyard dot com, Yasuo)
  • Standard:
  • Fixed bug #66395 (basename function doesn't remove drive letter). (Anatol)
  • Sockets:
  • Fixed bug #66381 (__ss_family was changed on AIX 5.3). (Felipe)
  • Zend Engine:
  • Fixed bug #66009 (Failed compilation of PHP extension with C++ std library using VS 2012). (Anatol)

New in PHP 5.5.8 (January 11th, 2014)

  • Core:
  • Disallowed JMP into a finally block.
  • Added validation of class names in the autoload process.
  • Fixed invalid C code in zend_strtod.c.
  • Fixed bug #66041 (list() fails to unpack yielded ArrayAccess object).
  • Fixed bug #65764 (generators/throw_rethrow FAIL with ZEND_COMPILE_EXTENDED_INFO).
  • Fixed bug #61645 (fopen and O_NONBLOCK).
  • Fixed bug #66218 (zend_register_functions breaks reflection).
  • Date:
  • Fixed bug #66060 (Heap buffer over-read in DateInterval).
  • Fixed bug #65768 (DateTimeImmutable::diff does not work).
  • DOM:
  • Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML() Produces invalid Markup).
  • Exif:
  • Fixed bug #65873 (Integer overflow in exif_read_data()).
  • Filter:
  • Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer).
  • GD:
  • Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)).
  • PDO_odbc:
  • Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries).
  • MySQLi:
  • Fixed bug #65486 (mysqli_poll() is broken on win x64).
  • OPCache:
  • Fixed revalidate_path=1 behavior to avoid caching of symlinks values.
  • Fixed Issue #140: "opcache.enable_file_override" doesn't respect "opcache.revalidate_freq".
  • SNMP:
  • Fixed SNMP_ERR_TOOBIG handling for bulk walk operations.
  • SOAP:
  • Fixed bug #66112 (Use after free condition in SOAP extension).
  • Sockets:
  • Fixed bug #65923 (ext/socket assumes AI_V4MAPPED is defined).
  • XSL:
  • Fixed bug #49634 (Segfault throwing an exception in a XSL registered function).
  • ZIP:
  • Fixed bug #66321 (ZipArchive::open() ze_obj->filename_len not real).

New in PHP 5.5.8 RC 1 (December 27th, 2013)

  • Core:
  • Disallowed JMP into a finally block. (Laruence)
  • Added validation of class names in the autoload process. (Dmitry)
  • Fixed invalid C code in zend_strtod.c. (Lior Kaplan)
  • Fixed bug #66041 (list() fails to unpack yielded ArrayAccess object). (Nikita)
  • Fixed bug #65764 (generators/throw_rethrow FAIL with ZEND_COMPILE_EXTENDED_INFO). (Nikita)
  • Fixed bug #61645 (fopen and O_NONBLOCK). (Mike)
  • Fixed bug #66218 (zend_register_functions breaks reflection). (Remi)
  • Date:
  • Fixed bug #66060 (Heap buffer over-read in DateInterval). (Remi)
  • Fixed bug #65768 (DateTimeImmutable::diff does not work). (Nikita Nefedov)
  • DOM:
  • Fixed bug #65196 (Passing DOMDocumentFragment to DOMDocument::saveHTML() Produces invalid Markup). (Mike)
  • Exif:
  • Fixed bug #65873 (Integer overflow in exif_read_data()). (Stas)
  • Filter:
  • Fixed bug #66229 (128.0.0.0/16 isn't reserved any longer). (Adam)
  • GD:
  • Fixed bug #64405 (Use freetype-config for determining freetype2 dir(s)). (Adam)
  • PDO_odbc:
  • Fixed bug #66311 (Stack smashing protection kills PDO/ODBC queries). (michael at orlitzky dot com)
  • MySQLi:
  • Fixed bug #65486 (mysqli_poll() is broken on win x64). (Anatol)
  • OPCache:
  • Fixed reavlidate_path=1 behavior to avoid caching of symlinks values. (Dmitry)
  • Fixed Issue #140: "opcache.enable_file_override" doesn't respect "opcache.revalidate_freq". (Dmitry).
  • SNMP:
  • Fixed SNMP_ERR_TOOBIG handling for bulk walk operations. (Boris Lytochkin)
  • SOAP
  • Fixed bug #66112 (Use after free condition in SOAP extension). (martin dot koegler at brz dot gv dot at)
  • Sockets:
  • Fixed bug #65923 (ext/socket assumes AI_V4MAPPED is defined). (Felipe)
  • XSL
  • Fixed bug #49634 (Segfault throwing an exception in a XSL registered function). (Mike)
  • ZIP:
  • Fixed Bug #66321 (ZipArchive::open() ze_obj->filename_len not real). (Remi)

New in PHP 5.5.7 (December 11th, 2013)

  • CLI server:
  • Added some MIME types to the CLI web server (Chris Jones)
  • Implemented FR #65917 (getallheaders() is not supported by the built-in web server) also implements apache_response_headers() (Andrea Faulds)
  • Core:
  • Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string). (Laruence)
  • OPCache:
  • Fixed bug #66176 (Invalid constant substitution). (Dmitry)
  • Fixed bug #65915 (Inconsistent results with require return value). (Dmitry)
  • Fixed bug #65559 (Opcache: cache not cleared if changes occur while running). (Dmitry)
  • OpenSSL:
  • Fixed memory corruption in openssl_x509_parse() (CVE-2013-6420). (Stefan Esser).
  • readline:
  • Fixed Bug #65714 (PHP cli forces the tty to cooked mode). (Remi)

New in PHP 5.5.7 RC 1 (November 28th, 2013)

  • CLI server:
  • Added some MIME types to the CLI web server (Chris Jones)
  • Implemented FR #65917 (getallheaders() is not supported by the built-in web server) also implements apache_response_headers() (Andrea Faulds)
  • Core:
  • Fixed bug #66094 (unregister_tick_function tries to cast a Closure to a string). (Laruence)
  • OPCache:
  • Fixed bug #66176 (Invalid constant substitution). (Dmitry)
  • Fixed bug #65915 (Inconsistent results with require return value). (Dmitry)
  • Fixed bug #65559 (Opcache: cache not cleared if changes occur while running). (Dmitry)
  • readline:
  • Fixed Bug #65714 (PHP cli forces the tty to cooked mode). (Remi)

New in PHP 5.5.6 (November 14th, 2013)

  • Core:
  • Improved performance of array_merge() and func_get_args() by eliminating useless copying.
  • Fixed bug #65947 (basename is no more working after fgetcsv in certain situation).
  • Fixed bug #65939 (Space before ";" breaks php.ini parsing).
  • Fixed bug #65911 (scope resolution operator - strange behavior with $this).
  • Fixed bug #65936 (dangling context pointer causes crash).
  • FPM:
  • Changed default listen() backlog to 65535.
  • MySQLi:
  • Fixed bug #66043 (Segfault calling bind_param() on mysqli).
  • OPCache:
  • Increased limit for opcache.max_accelerated_files to 1,000,000.
  • Fixed issue #115 (path issue when using phar).
  • Fixed issue #149 (Phar mount points not working with OPcache enabled).
  • ODBC:
  • Fixed bug #65950 (Field name truncation if the field name is bigger than 32 characters).
  • PDO:
  • Fixed bug #66033 (Segmentation Fault when constructor of PDO statement throws an exception).
  • Fixed bug #65946 (sql_parser permanently converts values bound to strings).
  • Standard:
  • Fixed bug #64760 (var_export() does not use full precision for floating-point numbers).

New in PHP 5.5.5 (October 17th, 2013)

  • Core:
  • Fixed bug #64979 (Wrong behavior of static variables in closure generators).
  • Fixed bug #65322 (compile time errors won't trigger auto loading).
  • Fixed bug #65821 (By-ref foreach on property access of string offset segfaults).
  • CLI Server:
  • Fixed bug #65633 (built-in server treat some http headers as case-sensitive).
  • Fixed bug #65818 (Segfault with built-in webserver and chunked transfer encoding).
  • Added application/pdf to PHP CLI Web Server mime types
  • Datetime:
  • Fixed bug #64157 (DateTime::createFromFormat() reports confusing error message).
  • Fixed bug #65502 (DateTimeImmutable::createFromFormat returns DateTime).
  • Fixed bug #65548 (Comparison for DateTimeImmutable doesn't work).
  • DBA:
  • Fixed bug #65708 (dba functions cast $key param to string in-place, bypassing copy on write).
  • Filter:
  • Add RFC 6598 IPs to reserved addresses.
  • Fixed bug #64441 (FILTER_VALIDATE_URL rejects fully qualified domain names).
  • FTP:
  • Fixed bug #65667 (ftp_nb_continue produces segfault).
  • GD:
  • Ensure that the defined interpolation method is used with the generic scaling methods.
  • IMAP:
  • Fixed bug #65721 (configure script broken in 5.5.4 and 5.4.20 when enabling imap).
  • OPCache:
  • Fixed bug #65845 (Error when Zend Opcache Optimizer is fully enabled).
  • Fixed bug #65665 (Exception not properly caught when opcache enabled).
  • Fixed bug #65510 (5.5.2 crashes in _get_zval_ptr_ptr_var).
  • Fixed issue #135 (segfault in interned strings if initial memory is too low).
  • Added function opcache_compile_file() to load PHP scripts into cache without execution.
  • Added support for GNU Hurd.
  • Sockets:
  • Fixed bug #65808 (the socket_connect() won't work with IPv6 address).
  • SPL:
  • Fixed bug #64782 (SplFileObject constructor make $context optional / give it a default value).
  • Standard:
  • Fixed bug #61548 content-type must appear at the end of headers for 201 Location to work in http.
  • XMLReader:
  • Fixed bug #51936 Crash with clone XMLReader.
  • Fixed bug #64230 XMLReader does not suppress errors.
  • Build system:
  • Fixed bug #51076 Race condition in shtool's mkdir -p implementation.
  • Fixed bug #62396 'make test' crashes starting with 5.3.14 (missing gzencode()).

New in PHP 5.5.4 (September 20th, 2013)

  • Core:
  • Fixed bug #60598 (cli/apache sapi segfault on objects manipulation).
  • Improved fputcsv() to allow specifying escape character.
  • Fixed bug #65483 (quoted-printable encode stream filter incorrectly encoding spaces).
  • Fixed bug #65470 (Segmentation fault in zend_error() with --enable-dtrace).
  • Fixed bug #65490 (Duplicate calls to get lineno & filename for DTRACE_FUNCTION_*).
  • Fixed bug #65225 (PHP_BINARY incorrectly set).
  • Fixed bug #62692 (PHP fails to build with DTrace).
  • Fixed bug #61759 (class_alias() should accept classes with leading backslashes).
  • Fixed bug #46311 (Pointer aliasing issue results in miscompile on gcc4.4).
  • cURL:
  • Fixed bug #65458 (curl memory leak).
  • Datetime:
  • Fixed bug #65554 (createFromFormat broken when weekday name is followed by some delimiters).
  • Fixed bug #65564 (stack-buffer-overflow in DateTimeZone stuff caught by AddressSanitizer).
  • OPCache:
  • Fixed bug #65561 (Zend Opcache on Solaris 11 x86 needs ZEND_MM_ALIGNMENT=4).
  • Openssl:
  • Fixed bug #64802 (openssl_x509_parse fails to parse subject properly in some cases).
  • Session:
  • Fixed bug #65475 (Session ID is not initialized properly when strict session is enabled).
  • Fixed bug #51127 and #65359, FR #25630/#43980/#54383 (Added php_serialize session serialize handler that uses plain serialize())
  • Standard:
  • Fix issue with return types of password API helper functions. Found via static analysis by cjones.

New in PHP 5.5.4 RC 1 (September 5th, 2013)

  • Core:
  • Fixed bug #60598 (cli/apache sapi segfault on objects manipulation). (Laruence)
  • Improved fputcsv() to allow specifying escape character.
  • Fixed bug #65490 (Duplicate calls to get lineno & filename for DTRACE_FUNCTION_*). (Chris Jones)
  • Fixed bug #65483 (quoted-printable encode stream filter incorrectly encoding spaces). (Michael M Slusarz)
  • Fixed bug #65470 (Segmentation fault in zend_error() with --enable-dtrace). (Chris Jones, Kris Van Hees)
  • Fixed bug #65225 (PHP_BINARY incorrectly set). (Patrick Allaert)
  • Fixed bug #62692 (PHP fails to build with DTrace). (Chris Jones, Kris Van Hees)
  • Fixed bug #61759 (class_alias() should accept classes with leading backslashes). (Julien)
  • Fixed bug #46311 (Pointer aliasing issue results in miscompile on gcc4.4). (Nikita Popov)
  • cURL:
  • Fixed bug #65458 (curl memory leak). (Adam)
  • Datetime:
  • Fixed bug #65554 (createFromFormat broken when weekday name is followed by some delimiters). (Valentin Logvinskiy, Stas).
  • Fixed bug #65564 (stack-buffer-overflow in DateTimeZone stuff caught by AddressSanitizer). (Remi).
  • OPCache:
  • Fixed bug #65561 (Zend Opcache on Solaris 11 x86 needs ZEND_MM_ALIGNMENT=4). (Terry Ellison)
  • Fixed bug #65510 (5.5.2 crashes in _get_zval_ptr_ptr_var). (Dmitry)
  • Openssl:
  • Fixed bug #64802 (openssl_x509_parse fails to parse subject properly in some cases). (Mark Jones)
  • Session:
  • Fixed bug #65475 (Session ID is not initialized properly when strict session is enabled). (Yasuo)
  • Fixed bug #51127/#65359 Request #25630/#43980/#54383 (Added php_serialize session serialize handler that uses plain serialize()). (Yasuo)
  • Standard:
  • Fix issue with return types of password API helper functions. Found via static analysis by cjones. (Anthony Ferrara)

New in PHP 5.5.3 (September 2nd, 2013)

  • Openssl:
  • Fixed UMR in fix for CVE-2013-4248.

New in PHP 5.5.2 (August 19th, 2013)

  • Core:
  • Fixed bug #65372 (Segfault in gc_zval_possible_root when return reference fails).
  • Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value).
  • Fixed bug #65304 (Use of max int in array_sum).
  • Fixed bug #65291 (get_defined_constants() causes PHP to crash in a very limited case).
  • Fixed bug #62691 (solaris sed has no -i switch).
  • Fixed bug #61345 (CGI mode - make install don't work).
  • Fixed bug #61268 (--enable-dtrace leads make to clobber Zend/zend_dtrace.d).
  • DOM:
  • Added flags option to DOMDocument::schemaValidate() and DOMDocument::schemaValidateSource(). Added LIBXML_SCHEMA_CREATE flag.
  • OPcache:
  • Added opcache.restrict_api configuration directive that may limit usage of OPcahce API functions only to patricular script(s).
  • Added support for glob symbols in blacklist entries (?, *, **).
  • Fixed bug #65338 (Enabling both php_opcache and php_wincache AVs on shutdown).
  • Openssl:
  • Fixed handling null bytes in subjectAltName (CVE-2013-4248).
  • PDO_mysql:
  • Fixed bug #65299 (pdo mysql parsing errors).
  • Phar:
  • Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for some specific contents).
  • Pgsql:
  • Fixed bug #62978 (Disallow possible SQL injections with pg_select()/pg_update() /pg_delete()/pg_insert()).
  • Fixed bug #65336 (pg_escape_literal/identifier() silently returns false).
  • Sessions:
  • Implemented strict sessions RFC (http://wiki.php.net/rfc/strict_sessions) which protects against session fixation attacks and session collisions (CVE-2011-4718).
  • Fixed possible buffer overflow under Windows. Note: Not a security fix.
  • Changed session.auto_start to PHP_INI_PERDIR.
  • SOAP:
  • Fixed bug #65018 (SoapHeader problems with SoapServer).
  • SPL:
  • Fixed bug #65328 (Segfault when getting SplStack object Value).
  • Added RecursiveTreeIterator setPostfix and getPostifx methods.
  • Fixed bug #61697 (spl_autoload_functions returns lambda functions incorrectly).
  • Streams:
  • Fixed bug #65268 (select() implementation uses outdated tick API).

New in PHP 5.5.2 RC 1 (August 2nd, 2013)

  • Core:
  • Fixed value of FILTER_SANITIZE_FULL_SPECIAL_CHARS constant (previously was erroneously set to FILTER_SANITIZE_SPECIAL_CHARS value). (Andrey avp200681 gmail com).
  • Fixed bug #65304 (Use of max int in array_sum). (Laruence)
  • Fixed bug #65291 (get_defined_constants() causes PHP to crash in a very limited case). (Arpad)
  • OPcahce:
  • Added support for glob symbols in blacklist entries (?, *, **). (Terry Elison, Dmitry)
  • Fixed bug #65338 (Enabling both php_opcache and php_wincache AVs on shutdown). (Dmitry)
  • PDO_mysql:
  • Fixed bug #65299 (pdo mysql parsing errors). (Johannes)
  • Phar:
  • Fixed bug #65028 (Phar::buildFromDirectory creates corrupt archives for some specific contents). (Stas)
  • SPL:
  • Fixed bug #65328 (Segfault when getting SplStack object Value). (Laruence)
  • Added RecursiveTreeIterator setPostfix and getPostifx methods. (Joshua Thijssen)
  • Fixed bug #61697 (spl_autoload_functions returns lambda functions incorrectly). (Laruence)
  • Streams:
  • Fixed bug #65268 (select() implementation uses outdated tick API). (Anatol)
  • Pgsql:
  • Fixed bug #65336 (pg_escape_literal/identifier() scilently returns false). (Yasuo)

New in PHP 5.5.1 (July 19th, 2013)

  • Core:
  • Fixed bug #65254 (Exception not catchable when exception thrown in autoload with a namespace).
  • Fixed bug #65088 (Generated configure script is malformed on OpenBSD).
  • Fixed bug #65108 (is_callable() triggers Fatal Error).
  • Fixed bug #65035 (yield / exit segfault).
  • Fixed bug #65161 (Generator + autoload + syntax error = segfault).
  • Fixed bug #65226 (chroot() does not get enabled).
  • hex2bin() raises E_WARNING for invalid hex string.
  • OPcache:
  • Fixed bug #64827 (Segfault in zval_mark_grey (zend_gc.c)).
  • OPcache is now compatible with LiteSpeed SAPI.
  • CGI:
  • Fixed bug #65143 (Missing php-cgi man page).
  • CLI server:
  • Fixed bug #65066 (Cli server not responsive when responding with 422 http status code).
  • DateTime:
  • Fixed bug #65184 (strftime() returns insufficient-length string under multibyte locales).
  • GD:
  • Fixed bug #65070 (bgcolor does not use the same format as the input image with imagerotate).
  • Fixed bug #65060 (imagecreatefrom... crashes with user streams).
  • Fixed bug #65084 (imagecreatefromjpeg fails with URL).
  • Fix gdImageCreateFromWebpCtx and use same logic to load WebP image that other formats.
  • Intl:
  • Add IntlCalendar::setMinimalDaysInFirstWeek()/intlcal_set_minimal_days_in_first_week().
  • Fixed trailing space in name of constant IntlCalendar::FIELD_FIELD_COUNT.
  • Fixed bug #62759 (Buggy grapheme_substr() on edge case).
  • Fixed bug #61860 (Offsets may be wrong for grapheme_stri* functions).
  • OCI8:
  • Bump PECL package info version check to allow PECL installs with PHP 5.5+.
  • PDO:
  • Allowed PDO_OCI to compile with Oracle Database 12c client libraries.
  • Pgsql:
  • pg_unescape_bytea() raises E_WARNING for invalid inputs.
  • Phar:
  • Fixed bug #65142 (Missing phar man page).
  • Session:
  • Added optional create_sid() argument to session_set_save_handler(), SessionHandler and new SessionIdInterface.
  • Sockets:
  • #63472Setting SO_BINDTODEVICE with socket_set_option.
  • Allowed specifying paths in the abstract namespace for the functions socket_bind(), socket_connect() and socket_sendmsg().
  • Fixed bug #65260sendmsg() ancillary data construction for SCM_RIGHTS is faulty.
  • SPL:
  • Fixed bug #65136RecursiveDirectoryIterator segfault.
  • Fixed bug #61828Memleak when calling Directory(Recursive)Iterator/Spl(Temp)FileObject ctor twice.
  • CGI/FastCGI SAPI:
  • Added PHP_FCGI_BACKLOG, overrides the default listen backlog.

New in PHP 5.5.0 (June 24th, 2013)

  • Drop support for bison < 2.4 when building PHP from GIT source
  • Improved Zend Engine:
  • Added ARMv7/v8 versions of various Zend arithmetic functions that are implemented using inline assembler
  • Added systemtap support by enabling systemtap compatible dtrace probes on linux
  • Optimized access to temporary and compiled VM variables. 8% less memory reads
  • The VM stacks for passing function arguments and syntaticaly nested calls were merged into a single stack. The stack size needed for op_array execution is calculated at compile time and preallocated at once. As result all the stack push operations don't require checks for stack overflow any more
  • General improvement:
  • Added generators and coroutines.
  • Added "finally" keyword.
  • Added simplified password hashing API.
  • Added support for constant array/string dereferencing.
  • Added Class Name Resolution As Scalar Via "class" Keyword
  • Added support for using empty() on the result of function calls and other expressions
  • Added support for non-scalar Iterator keys in foreach
  • Added support for list in foreach
  • Core:
  • Added Zend Opcache extension and enable building it by default.
  • Added array_column function which returns a column in a multidimensional array
  • Added boolval()
  • Added "Z" option to pack/unpack
  • Added optional second argument for assert() to specify custom message
  • Added support for changing the process's title in CLI/CLI-Server SAPIs. The implementation is more robust that the proctitle PECL module
  • Improve set_exception_handler while doing reset
  • Return previous handler when passing NULL to set_error_handler and set_exception_handler
  • Implemented #64175 (Added HTTP codes as of RFC 6585)
  • Implemented #60738 (Allow 'set_error_handler' to handle NULL)
  • Implemented #60524 (specify temp dir by php.ini)
  • Implemented #46487 (Dereferencing process-handles no longer waits on those processes)
  • Fixed bug #65051 (count() off by one inside unset())
  • Fixed bug #64988 (Class loading order affects E_STRICT warning)
  • Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC)
  • Fixed bug #64960 (Segfault in gc_zval_possible_root)
  • Fixed bug #64936 (doc comments picked up from previous scanner run)
  • Fixed bug #64934 (Apache2 TS crash with get_browser())
  • Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, CVE 2013-2110)
  • Fixed bug #64853 (Use of no longer available ini directives causes crash on TS build)
  • Fixed bug #64821 (Custom Exceptions crash when internal properties overridden)
  • Fixed bug #64720 (SegFault on zend_deactivate).
  • Fixed bug #64677 (execution operator `` stealing surrounding arguments)
  • Fixed bug #64660 (Segfault on memory exhaustion within function definition)
  • Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: segfault)
  • Fixed bug #64565 (copy doesn't report failure on partial copy)
  • Fixed bug #64555 (foreach no longer copies keys if they are interned)
  • Fixed bug #47675 and Fixed bug #64577 (fd leak on Solaris)
  • Fixed bug #64544 (Valgrind warnings after using putenv)
  • Fixed bug #64515 (Memoryleak when using the same variablename 2times in function declaration)
  • Fixed bug #64503 (Compilation fails with error: conflicting types for 'zendparse')
  • Fixed bug #64239 (Debug backtrace changed behavior since 5.4.10 or 5.4.11)
  • Fixed bug #64523 allow XOR in php.ini
  • Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail)
  • Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT'])
  • Fixed bug #64166 (quoted-printable-encode stream filter incorrectly discarding whitespace)
  • Fixed bug #64142 (dval to lval different behavior on ppc64)
  • Fixed bug #64135 (Exceptions from set_error_handler are not always propagated)
  • Fixed bug #63980 (object members get trimmed by zero bytes)
  • Fixed bug #63874 (Segfault if php_strip_whitespace has heredoc)
  • Fixed bug #63830 (Segfault on undefined function call in nested generator)
  • Fixed bug #63822 (Crash when using closures with ArrayAccess)
  • Fixed bug #61681 (Malformed grammar)
  • Fixed bug #61038 (unpack("a5", "str\0\0") does not work as expected)
  • Fixed bug #61025 (__invoke() visibility not honored)
  • Fixed bug #60833 (self, parent, static behave inconsistently case-sensitive)
  • Fixed bug #52126 timestamp for mail.log
  • Fixed bug #49348 (Uninitialized ++$foo->bar; does not cause a notice)
  • Fixed bug #23955 allow specifying Max-Age attribute in setcookie()
  • Fixed bug #18556 (Engine uses locale rules to handle class names)
  • Fix undefined behavior when converting double variables to integers. The double is now always rounded towards zero, the remainder of its division by 2^32 or 2^64 (depending on sizeof(long)) is calculated and it's made signed assuming a two's complement representation
  • Removed legacy features:
  • Remove php_logo_guid(), php_egg_logo_guid(), php_real_logo_guid(), zend_logo_guid()
  • Drop Windows XP and 2003 support
  • Apache2 Handler SAPI:
  • Enabled Apache 2.4 configure option for Windows.
  • Calendar:
  • Fixed bug #64895 (Integer overflow in SndToJewish).
  • Fixed bug #54254 (cal_from_jd returns month = 6 when there is only one Adar).
  • CLI server:
  • Fixed bug #64128 (buit-in web server is broken on ppc64).
  • CURL:
  • Remove curl stream wrappers.
  • Implemented #46439 - added CURLFile for safer file uploads
  • Added support for CURLOPT_FTP_RESPONSE_TIMEOUT, CURLOPT_APPEND, CURLOPT_DIRLISTONLY, CURLOPT_NEW_DIRECTORY_PERMS, CURLOPT_NEW_FILE_PERMS, CURLOPT_NETRC_FILE, CURLOPT_PREQUOTE, CURLOPT_KRBLEVEL, CURLOPT_MAXFILESIZE, CURLOPT_FTP_ACCOUNT, CURLOPT_COOKIELIST, CURLOPT_IGNORE_CONTENT_LENGTH, CURLOPT_CONNECT_ONLY, CURLOPT_LOCALPORT, CURLOPT_LOCALPORTRANGE, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_SSL_SESSIONID_CACHE, CURLOPT_FTP_SSL_CCC, CURLOPT_HTTP_CONTENT_DECODING, CURLOPT_HTTP_TRANSFER_DECODING, CURLOPT_PROXY_TRANSFER_MODE, CURLOPT_ADDRESS_SCOPE, CURLOPT_CRLFILE, CURLOPT_ISSUERCERT, CURLOPT_USERNAME, CURLOPT_PASSWORD, CURLOPT_PROXYUSERNAME, CURLOPT_PROXYPASSWORD, CURLOPT_NOPROXY, CURLOPT_SOCKS5_GSSAPI_NEC, CURLOPT_SOCKS5_GSSAPI_SERVICE, CURLOPT_TFTP_BLKSIZE, CURLOPT_SSH_KNOWNHOSTS, CURLOPT_FTP_USE_PRET, CURLOPT_MAIL_FROM, CURLOPT_MAIL_RCPT, CURLOPT_RTSP_CLIENT_CSEQ, CURLOPT_RTSP_SERVER_CSEQ, CURLOPT_RTSP_SESSION_ID, CURLOPT_RTSP_STREAM_URI, CURLOPT_RTSP_TRANSPORT, CURLOPT_RTSP_REQUEST, CURLOPT_RESOLVE, CURLOPT_ACCEPT_ENCODING, CURLOPT_TRANSFER_ENCODING, CURLOPT_DNS_SERVERS and CURLOPT_USE_SSL
  • Fixed bug #55635 (CURLOPT_BINARYTRANSFER no longer used. The constant still exists for backward compatibility but is doing nothing)
  • Fixed bug #54995 (Missing CURLINFO_RESPONSE_CODE support)
  • Added new functions curl_escape, curl_multi_setopt, curl_multi_strerror curl_pause, curl_reset, curl_share_close, curl_share_init, curl_share_setopt curl_strerror and curl_unescape
  • Addes new curl options CURLOPT_TELNETOPTIONS, CURLOPT_GSSAPI_DELEGATION, CURLOPT_ACCEPTTIMEOUT_MS, CURLOPT_SSL_OPTIONS, CURLOPT_TCP_KEEPALIVE, CURLOPT_TCP_KEEPIDLE and CURLOPT_TCP_KEEPINTVL
  • DateTime:
  • Added DateTimeImmutable - a variant of DateTime that only returns the modified state instead of changing itself.
  • Fixed bug #64825 (Invalid free when unserializing DateTimeZone).
  • Fixed bug #64359 (strftime crash with VS2012)
  • Fixed bug #62852 (Unserialize Invalid Date causes crash)
  • Fixed bug #61642 (modify("+5 weekdays") returns Sunday)
  • Fixed bug #60774 (DateInterval::format("%a") is always zero when an interval is created using the createFromDateString method)
  • Fixed bug #54567 (DateTimeZone serialize/unserialize)
  • Fixed bug #53437 (Crash when using unserialized DatePeriod instance)
  • dba:
  • Fixed bug #62489 (dba_insert not working as expected)
  • Filter:
  • Implemented #49180 added MAC address validation.
  • Fileinfo:
  • Upgraded libmagic to 5.14.
  • Fixed bug #64830 (mimetype detection segfaults on mp3 file)
  • Fixed bug #63590 (Different results in TS and NTS under Windows)
  • Fixed bug #63248 (Load multiple magic files from a directory under Windows)
  • FPM:
  • Add --with-fpm-systemd option to report health to systemd, and systemd_interval option to configure this. The service can now use Type=notify in the systemd unit file.
  • Ignore QUERY_STRING when sent in SCRIPT_FILENAME
  • Log a warning when a syscall fails
  • Implemented #64764 (add support for FPM init.d script)
  • Fixed bug #64915 (error_log ignored when daemonize=0)
  • Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11)
  • Fixed some possible memory or resource leaks and possible null dereference detected by code coverity scan
  • GD:
  • Fixed bug #64962 (imagerotate produces corrupted image).
  • Fixed bug #64961 (segfault in imagesetinterpolation)
  • Fix build with system libgd >= 2.1 which is now the minimal version required (as build with previous version is broken). No change when bundled libgd is used
  • Upgraded libgd to 2.1
  • hash:
  • Added support for PBKDF2 via hash_pbkdf2().
  • Fixed bug #64745 (hash_pbkdf2() truncates data when using default length and hex output)
  • intl:
  • Added UConverter wrapper.
  • The intl extension now requires ICU 4.0+
  • Added intl.use_exceptions INI directive, which controls what happens when global errors are set together with intl.error_level
  • MessageFormatter::format() and related functions now accepted named arguments and mixed numeric/named arguments in ICU 4.8+
  • MessageFormatter::format() and related functions now don't error out when an insufficient argument count is provided. Instead, the placeholders will remain unsubstituted
  • MessageFormatter::parse() and MessageFormat::format() (and their static equivalents) don't throw away better than second precision in the arguments
  • IntlDateFormatter::__construct and datefmt_create() now accept for the $timezone argument time zone identifiers, IntlTimeZone objects, DateTimeZone objects and NULL
  • IntlDateFormatter::__construct and datefmt_create() no longer accept invalid timezone identifiers or empty strings
  • The default time zone used in IntlDateFormatter::__construct and datefmt_create() (when the corresponding argument is not passed or NULL is passed) is now the one given by date_default_timezone_get(), not the default ICU time zone
  • The time zone passed to the IntlDateFormatter is ignored if it is NULL and if the calendar passed is an IntlCalendar object -- in this case, the IntlCalendar's time zone will be used instead. Otherwise, the time zone specified in the $timezone argument is used instead. This does not affect old code, as IntlCalendar was introduced in this version
  • IntlDateFormatter::__construct and datefmt_create() now accept for the $calendar argument also IntlCalendar objects
  • IntlDateFormatter::getCalendar() and datefmt_get_calendar() return false if the IntlDateFormatter was set up with an IntlCalendar instead of the constants IntlDateFormatter::GREGORIAN/TRADITIONAL. IntlCalendar did not exist before this version
  • IntlDateFormatter::setCalendar() and datefmt_set_calendar() now also accept an IntlCalendar object, in which case its time zone is taken. Passing a constant is still allowed, and still keeps the time zone
  • IntlDateFormatter::setTimeZoneID() and datefmt_set_timezone_id() are deprecated. Use IntlDateFormatter::setTimeZone() or datefmt_set_timezone() instead
  • IntlDateFormatter::format() and datefmt_format() now also accept an IntlCalendar object for formatting
  • Added the classes: IntlCalendar, IntlGregorianCalendar, IntlTimeZone, IntlBreakIterator, IntlRuleBasedBreakIterator and IntlCodePointBreakIterator
  • Added the functions: intlcal_get_keyword_values_for_locale(), intlcal_get_now(), intlcal_get_available_locales(), intlcal_get(), intlcal_get_time(), intlcal_set_time(), intlcal_add(), intlcal_set_time_zone(), intlcal_after(), intlcal_before(), intlcal_set(), intlcal_roll(), intlcal_clear(), intlcal_field_difference(), intlcal_get_actual_maximum(), intlcal_get_actual_minimum(), intlcal_get_day_of_week_type(), intlcal_get_first_day_of_week(), intlcal_get_greatest_minimum(), intlcal_get_least_maximum(), intlcal_get_locale(), intlcal_get_maximum(), intlcal_get_minimal_days_in_first_week(), intlcal_get_minimum(), intlcal_get_time_zone(), intlcal_get_type(), intlcal_get_weekend_transition(), intlcal_in_daylight_time(), intlcal_is_equivalent_to(), intlcal_is_lenient(), intlcal_is_set(), intlcal_is_weekend(), intlcal_set_first_day_of_week(), intlcal_set_lenient(), intlcal_equals(), intlcal_get_repeated_wall_time_option(), intlcal_get_skipped_wall_time_option(), intlcal_set_repeated_wall_time_option(), intlcal_set_skipped_wall_time_option(), intlcal_from_date_time(), intlcal_to_date_time(), intlcal_get_error_code(), intlcal_get_error_message(), intlgregcal_create_instance(), intlgregcal_set_gregorian_change(), intlgregcal_get_gregorian_change() and intlgregcal_is_leap_year()
  • Added the functions: intltz_create_time_zone(), intltz_create_default(), intltz_get_id(), intltz_get_gmt(), intltz_get_unknown(), intltz_create_enumeration(), intltz_count_equivalent_ids(), intltz_create_time_zone_id_enumeration(), intltz_get_canonical_id(), intltz_get_region(), intltz_get_tz_data_version(), intltz_get_equivalent_id(), intltz_use_daylight_time(), intltz_get_offset(), intltz_get_raw_offset(), intltz_has_same_rules(), intltz_get_display_name(), intltz_get_dst_savings(), intltz_from_date_time_zone(), intltz_to_date_time_zone(), intltz_get_error_code(), intltz_get_error_message()
  • Added the methods: IntlDateFormatter::formatObject(), IntlDateFormatter::getCalendarObject(), IntlDateFormatter::getTimeZone(), IntlDateFormatter::setTimeZone()
  • Added the functions: datefmt_format_object(), datefmt_get_calendar_object(), datefmt_get_timezone(), datefmt_set_timezone(), datefmt_get_calendar_object(), intlcal_create_instance()
  • mbstring:
  • Fixed bug #64769 (mbstring PHPTs crash on Windows x64).
  • MCrypt:
  • mcrypt_ecb(), mcrypt_cbc(), mcrypt_cfb() and mcrypt_ofb() now throw E_DEPRECATED.
  • mysql:
  • This extension is now deprecated, and deprecation warnings will be generated when connections are established to databases via mysql_connect(), mysql_pconnect(), or through implicit connection: use MySQLi or PDO_MySQL instead
  • Dropped support for LOAD DATA LOCAL INFILE handlers when using libmysql. Known for stability problems
  • Added support for SHA256 authentication available with MySQL 5.6.6+
  • mysqli:
  • Added mysqli_begin_transaction()/mysqli::begin_transaction(). Implemented all options, per MySQL 5.6, which can be used with START TRANSACTION, COMMIT and ROLLBACK through options to mysqli_commit()/mysqli_rollback() and their respective OO counterparts. They work in libmysql and mysqlnd mode
  • Added mysqli_savepoint(), mysqli_release_savepoint()
  • Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB pointer has closed)
  • Fixed bug #64394 (MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS undeclared when using Connector/C)
  • mysqlnd:
  • Add new begin_transaction() call to the connection object. Implemented all options, per MySQL 5.6, which can be used with START TRANSACTION, COMMIT and ROLLBACK
  • Added mysqlnd_savepoint(), mysqlnd_release_savepoint()
  • Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc for stmt->param_bind)
  • Fixed return value of mysqli_stmt_affected_rows() in the time after prepare() and before execute()
  • PCRE:
  • Merged PCRE 8.32
  • Deprecated the /e modifier
  • Fixed bug #63284 (Upgrade PCRE to 8.31)
  • PDO:
  • Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to the same db server)
  • PDO_DBlib:
  • Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib)
  • Fixed bug #64338 (pdo_dblib can't connect to Azure SQL)
  • Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not executed statement crashes)
  • PDO_pgsql:
  • Fixed bug #64949 (Buffer overflow in _pdo_pgsql_error)
  • PDO_mysql:
  • Fixed bug #48724 (getColumnMeta() doesn't return native_type for BIT, TINYINT and YEAR)
  • pgsql:
  • Added pg_escape_literal() and pg_escape_identifier()
  • Fixed bug #46408 Locale number format settings can cause pg_query_params to break with numerics
  • Phar:
  • Fixed timestamp update on Phar contents modification
  • readline:
  • Fixed bug #55694 (Expose additional readline variable to prevent default filename completion)
  • Reflection:
  • Fixed bug #64007 (There is an ability to create instance of Generator by hand)
  • Sockets:
  • Added recvmsg() and sendmsg() wrappers
  • Fixed bug #64508 (Fails to build with --disable-ipv6)
  • Fixed bug #64287 (sendmsg/recvmsg shutdown handler causes segfault)
  • SPL:
  • Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems)
  • Fixed bug #64264 (SPLFixedArray toArray problem)
  • Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS)
  • Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended)
  • Fixed bug #60560 (SplFixedArray un-/serialize, getSize(), count() return 0, keys are strings)
  • Fixed bug #52861 (unset fails with ArrayObject and deep arrays)
  • Implement #48358 (Add SplDoublyLinkedList::add() to insert an element at a given offset)
  • SNMP:
  • Fixed bug #64765 (Some IPv6 addresses get interpreted wrong)
  • Fixed bug #64159 (Truncated snmpget)
  • Fixed bug #64124 (IPv6 malformed)
  • Fixed bug #61981 (OO API, walk: $suffix_as_key is not working correctly)
  • SOAP:
  • Added SoapClient constructor option 'ssl_method' to specify ssl method
  • Streams:
  • Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() on Windows x64)
  • Fixed Windows x64 version of stream_socket_pair() and improved error handling
  • Tokenizer:
  • Fixed bug #60097 (token_get_all fails to lex nested heredoc)
  • Zip:
  • Upgraded libzip to 0.10.1
  • Fixed bug #64452 (Zip crash intermittently)
  • Fixed bug #64342 (ZipArchive::addFile() has to check for file existence)

New in PHP 5.4.17 RC 1 (June 19th, 2013)

  • Core:
  • Fixed bug #64988 (Class loading order affects E_STRICT warning). (Laruence)
  • Fixed bug #64966 (segfault in zend_do_fcall_common_helper_SPEC). (Laruence)
  • Fixed bug #64960 (Segfault in gc_zval_possible_root). (Laruence)
  • Fixed bug #64936 (doc comments picked up from previous scanner run). (Stas, Jonathan Oddy)
  • Fixed bug #64934 (Apache2 TS crash with get_browser()). (Anatol)
  • Fixed bug #64166 (quoted-printable-encode stream filter incorrectly discarding whitespace). (Michael M Slusarz)
  • DateTime:
  • Fixed bug #53437 (Crash when using unserialized DatePeriod instance). (Gustavo, Derick, Anatol)
  • FPM:
  • Fixed Bug #64915 (error_log ignored when daemonize=0). (Remi)
  • Implemented FR #64764 (add support for FPM init.d script). (Lior Kaplan)
  • PDO:
  • Fixed bug #63176 (Segmentation fault when instantiate 2 persistent PDO to the same db server). (Laruence)
  • PDO_DBlib:
  • Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib). (Stanley Sufficool)
  • Fixed bug #64338 (pdo_dblib can't connect to Azure SQL). (Stanley Sufficool)
  • Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not executed statement crashes). (Stanley Sufficool)
  • PDO_firebird:
  • Fixed bug #64037 (Firebird return wrong value for numeric field). (Matheus Degiovani, Matteo)
  • Fixed bug #62024 (Cannot insert second row with null using parametrized query). (patch by [email protected], Matheus Degiovani, Matteo)
  • PDO_mysql:
  • Fixed bug #48724 (getColumnMeta() doesn't return native_type for BIT, TINYINT and YEAR). (Antony, Daniel Beardsley)
  • PDO_pgsql:
  • Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error). (Remi)
  • pgsql:
  • Fixed bug #64609 (pg_convert enum type support). (Matteo)
  • Readline:
  • Implement FR #55694 (Expose additional readline variable to prevent default filename completion). (Hartmel)
  • SPL:
  • Fixed bug #64997 (Segfault while using RecursiveIteratorIterator on 64-bits systems). (Laruence)

New in PHP 5.5.0 RC 3 (June 7th, 2013)

  • Core:
  • Fixed bug #64960 (Segfault in gc_zval_possible_root). (Laruence)
  • Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, CVE 2013-2110). (Stas)
  • FPM:
  • Fixed Bug #64915 (error_log ignored when daemonize=0). (Remi)
  • GD:
  • Fixed Bug #64962 (imagerotate produces corrupted image). (Remi)
  • Fixed Bug #64961 (segfault in imagesetinterpolation). (Remi)
  • Hash:
  • Fixed Bug #64745 (hash_pbkdf2() truncates data when using default length and hex output). (Anthony Ferrara)
  • PDO_DBlib:
  • Fixed bug #63638 (Cannot connect to SQL Server 2008 with PDO dblib). (Stanley Sufficool)
  • Fixed bug #64338 (pdo_dblib can't connect to Azure SQL). (Stanley Sufficool)
  • Fixed bug #64808 (FreeTDS PDO getColumnMeta on a prepared but not executed statement crashes). (Stanley Sufficool)
  • PDO_pgsql:
  • Fixed Bug #64949 (Buffer overflow in _pdo_pgsql_error). (Remi)

New in PHP 5.4.16 (June 5th, 2013)

  • Core:
  • Fixed bug #64879 (Heap based buffer overflow in quoted_printable_encode, CVE 2013-2110). (Stas)
  • Fixed bug #64853 (Use of no longer available ini directives causes crash on TS build). (Anatol)
  • Fixed bug #64729 (compilation failure on x32). (Gustavo)
  • Fixed bug #64720 (SegFault on zend_deactivate). (Dmitry)
  • Fixed bug #64660 (Segfault on memory exhaustion within function definition). (Stas, reported by Juha Kylmänen)
  • Calendar:
  • Fixed bug #64895 (Integer overflow in SndToJewish). (Remi)
  • Fileinfo:
  • Fixed bug #64830 (mimetype detection segfaults on mp3 file). (Anatol)
  • FPM:
  • Ignore QUERY_STRING when sent in SCRIPT_FILENAME. (Remi)
  • Fixed some possible memory or resource leaks and possible null dereference detected by code coverity scan. (Remi)
  • Log a warning when a syscall fails. (Remi)
  • Add --with-fpm-systemd option to report health to systemd, and systemd_interval option to configure this. The service can now use Type=notify in the systemd unit file. (Remi)
  • MySQLi:
  • Fixed bug #64726 (Segfault when calling fetch_object on a use_result and DB pointer has closed). (Laruence)
  • Phar:
  • Fixed bug #64214 (PHAR PHPTs intermittently crash when run on DFS, SMB or with non std tmp dir). (Pierre)
  • SNMP:
  • Fixed bug #64765 (Some IPv6 addresses get interpreted wrong). (Boris Lytochkin)
  • Fixed bug #64159 (Truncated snmpget). (Boris Lytochkin)
  • Streams:
  • Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() on Windows x64). (Anatol)
  • Zend Engine:
  • Fixed bug #64821 (Custom Exceptions crash when internal properties overridden). (Anatol)

New in PHP 5.5.0 RC 2 (May 23rd, 2013)

  • Core:
  • Fixed bug #64660 (Segfault on memory exhaustion within function definition). (Stas, reported by Juha Kylmänen)
  • Fixed bug #64720 (SegFault on zend_deactivate). (Dmitry)
  • Fixed bug #64853 (Use of no longer available ini directives causes crash on TS build). (Anatol)
  • Calendar:
  • Fixed bug #64895 (Integer overflow in SndToJewish). (Remi)
  • Fileinfo:
  • Fixed bug #64830 (mimetype detection segfaults on mp3 file). (Anatol)
  • FPM:
  • Add --with-fpm-systemd option to report health to systemd, and systemd_interval option to configure this. The service can now use Type=notify in the systemd unit file. (Remi)
  • mbstring:
  • Fixed bug #64769 (mbstring PHPTs crash on Windows x64). (Anatol)
  • mysqli:
  • Fixed bug #64394 (MYSQL_OPT_CAN_HANDLE_EXPIRED_PASSWORDS undeclared when using Connector/C). (Andrey)
  • Sockets:
  • Fixed bug #64508 (Fails to build with --disable-ipv6). (Gustavo)
  • Zend Engine:
  • Fixed bug #64821 (Custom Exceptions crash when internal properties overridden). (Anatol)
  • DateTime:
  • Fixed bug #64825 (Invalid free when unserializing DateTimeZone). (Anatol)

New in PHP 5.5.0 RC 1 (May 9th, 2013)

  • FPM:
  • Ignore QUERY_STRING when sent in SCRIPT_FILENAME. (Remi)
  • Fixed some possible memory or resource leaks and possible null dereference detected by code coverity scan. (Remi)
  • Log a warning when a syscall fails. (Remi)
  • GD:
  • Fix build with system libgd >= 2.1 which is now the minimal version required (as build with previous version is broken). No change when bundled libgd is used. (Ondrej Sury, Remi)
  • SNMP:
  • Fixed bug #64765 (Some IPv6 addresses get interpreted wrong). (Boris Lytochkin)
  • Fixed bug #64159 (Truncated snmpget). (Boris Lytochkin)
  • Streams:
  • Fixed bug #64770 (stream_select() fails with pipes returned by proc_open() on Windows x64). (Anatol)

New in PHP 5.4.15 (May 8th, 2013)

  • Core:
  • Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: segfault). (Laruence)
  • Fixed bug #64458 (dns_get_record result with string of length -1). (Stas)
  • Fixed bug #64433 (follow_location parameter of context is ignored for most response codes). (Sergey Akbarov)
  • Fixed bugs #47675 and #64577 (fd leak on Solaris)
  • Fileinfo:
  • Upgraded libmagic to 5.14. (Anatol)
  • Zip:
  • Fixed bug #64342 (ZipArchive::addFile() has to check for file existence). (Anatol)

New in PHP 5.5.0 Beta 4 (April 24th, 2013)

  • Core:
  • Fixed bug #64677 (execution operator `` stealing surrounding arguments). (Laruence)
  • Zip:
  • Fixed bug #64342 (ZipArchive::addFile() has to check for file existence). (Anatol)
  • Streams:
  • Fixed Windows x64 version of stream_socket_pair() and improved error handling (Anatol Belski)

New in PHP 5.4.15 RC 1 (April 24th, 2013)

  • Core:
  • Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: segfault). (Laruence)
  • Fixed bug #64458 (dns_get_record result with string of length -1). (Stas)
  • Fixed bug #64433 (follow_location parameter of context is ignored for most response codes). (Sergey Akbarov)
  • Fixed bugs #47675 and #64577 (fd leak on Solaris)
  • CURL:
  • Add CURL_WRAPPERS_ENABLED constant. (Laruence)
  • Fileinfo:
  • Upgraded libmagic to 5.14. (Anatol)
  • Zip:
  • Fixed bug #64342 (ZipArchive::addFile() has to check for file existence). (Anatol)
  • Streams:
  • Fixed Windows x64 version of stream_socket_pair() and improved error handling (Anatol Belski)

New in PHP 5.4.14 (April 12th, 2013)

  • Core:
  • Fixed bug #64529 (Ran out of opcode space).
  • Fixed bug #64515 (Memoryleak when using the same variablename two times in function declaration).
  • Fixed bug #64432 (more empty delimiter warning in strX methods).
  • Fixed bug #64417 (ArrayAccess::&offsetGet() in a trait causes fatal error).
  • Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']).
  • Fixed bug #64239 (Debug backtrace changed behavior since 5.4.10 or 5.4.11).
  • Fixed bug #63976 (Parent class incorrectly using child constant in class property).
  • Fixed bug #63914 (zend_do_fcall_common_helper_SPEC does not handle exceptions properly).
  • Fixed bug #62343 (Show class_alias In get_declared_classes()).
  • PCRE:
  • Merged PCRE 8.32.
  • SNMP:
  • Fixed bug #61981 (OO API, walk: $suffix_as_key is not working correctly).
  • Zip:
  • Fixed bug #64452 (Zip crash intermittently). (Anatol)

New in PHP 5.5.0 Beta 3 (April 10th, 2013)

  • Core:
  • Fixed bug #64578 (debug_backtrace in set_error_handler corrupts zend heap: segfault). (Laruence)
  • Fixed bug #64565 (copy doesn't report failure on partial copy). (Remi)
  • Fixed bug #64555 (foreach no longer copies keys if they are interned). (Nikita Popov)
  • Fixed bugs #47675 and #64577 (fd leak on Solaris)
  • CURL:
  • Added CURL_WRAPPERS_ENABLED constant. (Laruence)
  • DateTime
  • Fixed bug #54567 (DateTimeZone serialize/unserialize) (Lonny Kapelushnik, Derick)
  • Fixed bug #60774 (DateInterval::format("%a") is always zero when an interval is created using the createFromDateString method) (Lonny Kapelushnik, Derick)
  • General improvements:
  • Drop support for bison < 2.4 when building PHP from GIT source. (Laruence)
  • Fileinfo:
  • Upgraded libmagic to 5.14. (Anatol)

New in PHP 5.4.14 RC 1 (March 28th, 2013)

  • Core:
  • Fixed bug #64529 (Ran out of opcode space). (Dmitry)
  • Fixed bug #64515 (Memoryleak when using the same variablename two times in function declaration). (Laruence)
  • Fixed bug #64432 (more empty delimiter warning in strX methods). (Laruence)
  • Fixed bug #64417 (ArrayAccess::&offsetGet() in a trait causes fatal error). (Dmitry)
  • Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']). (Anatol)
  • Fixed bug #64239 (Debug backtrace changed behavior since 5.4.10 or 5.4.11). (Dmitry, Laruence)
  • Fixed bug #63976 (Parent class incorrectly using child constant in class property). (Dmitry)
  • Fixed bug #63914 (zend_do_fcall_common_helper_SPEC does not handle exceptions properly). (Jeff Welch)
  • Fixed bug #62343 (Show class_alias In get_declared_classes()) (Dmitry)
  • PCRE:
  • Merged PCRE 8.32. (Anatol)
  • SNMP:
  • Fixed bug #61981 (OO API, walk: $suffix_as_key is not working correctly). (Boris Lytochkin)
  • Zip:
  • Bug #64452 (Zip crash intermittently). (Anatol)

New in PHP 5.5.0 Beta 2 (March 28th, 2013)

  • Core:
  • Fixed bug #64515 (Memoryleak when using the same variablename 2times in function declaration). (Laruence)
  • Fixed bug #64503 (Compilation fails with error: conflicting types for 'zendparse'). (Laruence)
  • Fixed bug #64239 (Debug backtrace changed behavior since 5.4.10 or 5.4.11). (Dmitry, Laruence)
  • Opcache:
  • Fixed bug # 64490 (struct flock undefined on FreeBSD). (Joe Watkins)

New in PHP 5.5.0 Beta 1 (March 20th, 2013)

  • Core:
  • Added Zend Opcache extension and enable building it by default. More details here: http://wiki.php.net/rfc/optimizerplus. (Dmitry)
  • Added array_column function which returns a column in a multidimensional array. http://wiki.php.net/rfc/array_column. (Ben Ramsey)
  • Fixed bug #64354 (Unserialize array of objects whose class can't be autoloaded fail). (Laruence)
  • Added support for changing the process's title in CLI/CLI-Server SAPIs. The implementation is more robust that the proctitle PECL module. More details here: http://wiki.php.net/rfc/cli_process_title. (Keyur)
  • Fixed bug #64370 (microtime(true) less than $_SERVER['REQUEST_TIME_FLOAT']). (Anatol)
  • Added support for non-scalar Iterator keys in foreach (http://wiki.php.net/rfc/foreach-non-scalar-keys). (Nikita Popov)
  • mysqlnd:
  • Fixed bug #63530 (mysqlnd_stmt::bind_one_parameter crashes, uses wrong alloc for stmt->param_bind). (Andrey)
  • DateTime:
  • Fixed bug #53437 (Crash when using unserialized DatePeriod instance). (Gustavo, Derick, Anatol)
  • Fixed bug #62852 (Unserialize Invalid Date causes crash). (Anatol)
  • SPL:
  • Implement FR #48358 (Add SplDoublyLinkedList::add() to insert an element at a given offset). (Mark Baker, David Soria Parra)
  • Zip:
  • Bug #64452 (Zip crash intermittently). (Anatol)

New in PHP 5.4.13 (March 14th, 2013)

  • Core:
  • Fixed bug #64235 (Insteadof not work for class method in 5.4.11). (Laruence)
  • Implemented FR #64175 (Added HTTP codes as of RFC 6585). (Jonh Wendell)
  • Fixed bug #64142 (dval to lval different behavior on ppc64). (Remi)
  • Fixed bug #64070 (Inheritance with Traits failed with error). (Dmitry)
  • CLI server:
  • Fixed bug #64128 (buit-in web server is broken on ppc64). (Remi)
  • Mbstring:
  • mb_split() can now handle empty matches like preg_split() does. (Moriyoshi)
  • OpenSSL:
  • Fixed bug #61930 (openssl corrupts ssl key resource when using openssl_get_publickey()). (Stas)
  • PDO_mysql:
  • Fixed bug #60840 (undefined symbol: mysqlnd_debug_std_no_trace_funcs). (Johannes)
  • Phar:
  • Fixed timestamp update on Phar contents modification. (Dmitry)
  • SOAP:
  • Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635). (Dmitry)
  • Disabled external entities loading (CVE-2013-1643). (Dmitry)
  • SPL:
  • Fixed bug #64264 (SPLFixedArray toArray problem). (Laruence)
  • Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS). (patch by [email protected], Laruence)
  • Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended). (Nikita Popov)
  • Fixed bug #52861 (unset fails with ArrayObject and deep arrays). (Mike Willbanks)
  • SNMP:
  • Fixed bug #64124 (IPv6 malformed). (Boris Lytochkin)

New in PHP 5.5.0 Alpha 6 (March 7th, 2013)

  • Core:
  • Fixed bug #49348 (Uninitialized ++$foo->bar; does not cause a notice). (Stas)
  • Sockets:
  • Fixed bug #64287 (sendmsg/recvmsg shutdown handler causes segfault). (Gustavo)
  • PCRE:
  • Merged PCRE 8.32. (Anatol)
  • DateTime:
  • Fixed bug #64359 (strftime crash with VS2012). (Anatol)

New in PHP 5.4.13 RC 1 (February 27th, 2013)

  • Core:
  • Fixed bug #64235 (Insteadof not work for class method in 5.4.11). (Laruence)
  • Implemented FR #64175 (Added HTTP codes as of RFC 6585). (Jonh Wendell)
  • Fixed bug #64142 (dval to lval different behavior on ppc64). (Remi)
  • Fixed bug #64070 (Inheritance with Traits failed with error). (Dmitry)
  • CLI server:
  • Fixed bug #64128 (buit-in web server is broken on ppc64). (Remi)
  • Mbstring:
  • mb_split() can now handle empty matches like preg_split() does. (Moriyoshi)
  • OpenSSL:
  • Fixed bug #61930 (openssl corrupts ssl key resource when using openssl_get_publickey()). (Stas)
  • PDO_mysql:
  • Fixed bug #60840 (undefined symbol: mysqlnd_debug_std_no_trace_funcs). (Johannes)
  • SOAP:
  • Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635). (Dmitry)
  • Disabled external entities loading (CVE-2013-1643). (Dmitry)
  • SPL:
  • Fixed bug #64264 (SPLFixedArray toArray problem). (Laruence)
  • Fixed bug #64228 (RecursiveDirectoryIterator always assumes SKIP_DOTS). (patch by [email protected], Laruence)
  • Fixed bug #64106 (Segfault on SplFixedArray[][x] = y when extended). (Nikita Popov)
  • Fixed bug #52861 (unset fails with ArrayObject and deep arrays). (Mike Willbanks)
  • SNMP:
  • Fixed bug #64124 (IPv6 malformed). (Boris Lytochkin)

New in PHP 5.5.0 Alpha 5 (February 20th, 2013)

  • Core:
  • Implemented FR #64175 (Added HTTP codes as of RFC 6585). (Jonh Wendell)
  • Fixed bug #64135 (Exceptions from set_error_handler are not always propagated). (Laruence)
  • Fixed bug #63830 (Segfault on undefined function call in nested generator). (Nikita Popov)
  • Fixed bug #60833 (self, parent, static behave inconsistently case-sensitive). (Stas, mario at include-once dot org)
  • Implemented FR #60524 (specify temp dir by php.ini). (ALeX Kazik).
  • Fixed bug #64142 (dval to lval different behavior on ppc64). (Remi)
  • Added ARMv7/v8 versions of various Zend arithmetic functions that are implemented using inline assembler (Ard Biesheuvel)
  • CLI server:
  • Fixed bug #64128 (buit-in web server is broken on ppc64). (Remi)
  • cURL:
  • Implemented FR #46439 added CURLFile for safer file uploads. (Stas)
  • Intl:
  • Cherry-picked UConverter wrapper, which had accidentaly been committed only to master.
  • mysqli:
  • Added mysqli_begin_transaction()/mysqli::begin_transaction(). Implemented all options, per MySQL 5.6, which can be used with START TRANSACTION, COMMIT and ROLLBACK through options to mysqli_commit()/mysqli_rollback() and their respective OO counterparts. They work in libmysql and mysqlnd mode. (Andrey)
  • Added mysqli_savepoint(), mysqli_release_savepoint(). (Andrey)
  • mysqlnd:
  • Add new begin_transaction() call to the connection object. Implemented all options, per MySQL 5.6, which can be used with START TRANSACTION, COMMIT and ROLLBACK. (Andrey)
  • Added mysqlnd_savepoint(), mysqlnd_release_savepoint(). (Andrey)
  • Sockets:
  • Added recvmsg() and sendmsg() wrappers. (Gustavo) See http://wiki.php.net/rfc/sendrecvmsg
  • Filter:
  • Implemented FR #49180 added MAC address validation. (Martin)
  • SNMP:
  • Fixed bug #64124 (IPv6 malformed). (Boris Lytochkin)

New in PHP 5.4.12 (February 19th, 2013)

  • Core:
  • Fixed bug #64099 (Wrong TSRM usage in zend_Register_class alias). (Johannes)
  • Fixed bug #64011 (get_html_translation_table() output incomplete with HTML_ENTITIES and ISO-8859-1). (Gustavo)
  • Fixed bug #63982 (isset() inconsistently produces a fatal error on protected property). (Stas)
  • Fixed bug #63943 (Bad warning text from strpos() on empty needle). (Laruence)
  • Fixed bug #63899 (Use after scope error in zend_compile). (Laruence)
  • Fixed bug #63893 (Poor efficiency of strtr() using array with keys of very different length). (Gustavo)
  • Fixed bug #63882 (zend_std_compare_objects crash on recursion). (Dmitry)
  • Fixed bug #63462 (Magic methods called twice for unset protected properties). (Stas)
  • Fixed bug #62524 (fopen follows redirects for non-3xx statuses). (Wes Mason)
  • Support BITMAPV5HEADER in getimagesize(). (AsamK, Lars)
  • Date:
  • Fixed bug #63699 (Performance improvements for various ext/date functions). (Lars, original patch by njaguar at gmail dot com)
  • Fixed bug #55397: Comparsion of incomplete DateTime causes SIGSEGV. (Derick)
  • FPM:
  • Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam)
  • Litespeed:
  • Fixed bug #63228 (-Werror=format-security error in lsapi code). (George)
  • SOAP:
  • Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635). (Dmitry)
  • Disabled external entities loading (CVE-2013-1643). (Dmitry)
  • sqlite3:
  • Fixed bug #63921 (sqlite3::bindvalue and relative PHP functions aren't using sqlite3_*_int64 API). (srgoogleguy, Lars)
  • PDO_OCI:
  • Fixed bug #57702 (Multi-row BLOB fetches). (hswong3i, Laruence)
  • Fixed bug #52958 (Segfault in PDO_OCI on cleanup after running a long testsuite). (hswong3i, Lars)
  • PDO_sqlite:
  • Fixed bug #63916 (PDO::PARAM_INT casts to 32bit int internally even on 64bit builds in pdo_sqlite). (srgoogleguy, Lars)

New in PHP 5.4.12 RC 2 (February 13th, 2013)

  • SOAP:
  • Added check that soap.wsdl_cache_dir conforms to open_basedir (CVE-2013-1635). (Dmitry)
  • Disabled external entities loading (CVE-2013-1643). (Dmitry)

New in PHP 5.4.12 RC 1 (January 30th, 2013)

  • Core:
  • Fixed bug #64099 (Wrong TSRM usage in zend_Register_class alias). (Johannes)
  • Fixed bug #64011 (get_html_translation_table() output incomplete with HTML_ENTITIES and ISO-8859-1). (Gustavo)
  • Fixed bug #63982 (isset() inconsistently produces a fatal error on protected property). (Stas)
  • Fixed bug #63943 (Bad warning text from strpos() on empty needle). (Laruence)
  • Fixed bug #63899 (Use after scope error in zend_compile). (Laruence)
  • Fixed bug #63893 (Poor efficiency of strtr() using array with keys of very different length). (Gustavo)
  • Fixed bug #63882 (zend_std_compare_objects crash on recursion). (Dmitry)
  • Fixed bug #63462 (Magic methods called twice for unset protected properties). (Stas)
  • Fixed bug #62524 (fopen follows redirects for non-3xx statuses). (Wes Mason)
  • Support BITMAPV5HEADER in getimagesize(). (AsamK, Lars)
  • Date:
  • Fixed bug #63699 (Performance improvements for various ext/date functions). (Lars, original patch by njaguar at gmail dot com)
  • Fixed bug #55397: Comparsion of incomplete DateTime causes SIGSEGV. (Derick)
  • FPM:
  • Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam)
  • Litespeed:
  • Fixed bug #63228 (-Werror=format-security error in lsapi code). (George)
  • ext/sqlite3:
  • Fixed bug #63921 (sqlite3::bindvalue and relative PHP functions aren't using sqlite3_*_int64 API). (srgoogleguy, Lars)
  • PDO_OCI:
  • Fixed bug #57702 (Multi-row BLOB fetches). (hswong3i, Laruence)
  • Fixed bug #52958 (Segfault in PDO_OCI on cleanup after running a long testsuite). (hswong3i, Lars)
  • PDO_sqlite:
  • Fixed bug #63916 (PDO::PARAM_INT casts to 32bit int internally even on 64bit builds in pdo_sqlite). (srgoogleguy, Lars)

New in PHP 5.5.0 Alpha 4 (January 22nd, 2013)

  • Core:
  • Fixed bug #63980 (object members get trimmed by zero bytes). (Laruence)
  • Implemented RFC for Class Name Resolution As Scalar Via "class" Keyword. (Ralph Schindler, Nikita Popov, Lars)
  • DateTime
  • Added DateTimeImmutable a variant of DateTime that only returns the modified state instead of changing itself. (Derick)
  • FPM:
  • Fixed bug #63999 (php with fpm fails to build on Solaris 10 or 11). (Adam)
  • pgsql:
  • Bug #46408: Locale number format settings can cause pg_query_params to break with numerics. (asmecher, Lars)
  • dba:
  • Bug #62489: dba_insert not working as expected. (marc-bennewitz at arcor dot de, Lars)
  • Reflection:
  • Fixed bug #64007 (There is an ability to create instance of Generator by hand). (Laruence)

New in PHP 5.4.11 (January 16th, 2013)

  • Core:
  • Fixed bug #63762 (Sigsegv when Exception::$trace is changed by user). (Johannes)
  • Fixed bug #43177 (Errors in eval()'ed code produce status code 500). (Todd Ruth, Stas).
  • Filter:
  • Fixed bug #63757 (getenv() produces memory leak with CGI SAPI). (Dmitry)
  • Fixed bug #54096 (FILTER_VALIDATE_INT does not accept +0 and -0). (martin at divbyzero dot net, Lars)
  • JSON:
  • Fixed bug #63737 (json_decode does not properly decode with options parameter). (Adam)
  • CLI server:
  • Update list of common mime types. Added webm, ogv, ogg. (Lars, pascalc at gmail dot com)
  • cURL extension:
  • Fixed bug (segfault due to libcurl connection caching). (Pierrick)
  • Fixed bug #63859 (Memory leak when reusing curl-handle). (Pierrick)
  • Fixed bug #63795 (CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST). (Pierrick)
  • Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers). (Pierrick)
  • Fixed bug #55438 (Curlwapper is not sending http header randomly). ([email protected], Pierrick)

New in PHP 5.5.0 Alpha 3 (January 10th, 2013)

  • General improvements:
  • Fixed bug #63874 (Segfault if php_strip_whitespace has heredoc). (Pierrick)
  • Fixed bug #63822 (Crash when using closures with ArrayAccess). (Nikita Popov)
  • Add Generator::throw() method. (Nikita Popov)
  • Bug #23955: allow specifying Max-Age attribute in setcookie() (narfbg, Lars)
  • Bug #52126: timestamp for mail.log (Martin Jansen, Lars)
  • mysqlnd:
  • Fixed return value of mysqli_stmt_affected_rows() in the time after prepare() and before execute(). (Andrey)
  • cURL:
  • Added new functions curl_escape, curl_multi_setopt, curl_multi_strerror curl_pause, curl_reset, curl_share_close, curl_share_init, curl_share_setopt curl_strerror and curl_unescape. (Pierrick)
  • Addes new curl options CURLOPT_TELNETOPTIONS, CURLOPT_GSSAPI_DELEGATION, CURLOPT_ACCEPTTIMEOUT_MS, CURLOPT_SSL_OPTIONS, CURLOPT_TCP_KEEPALIVE, CURLOPT_TCP_KEEPIDLE and CURLOPT_TCP_KEEPINTVL. (Pierrick)

New in PHP 5.4.11 RC 1 (January 3rd, 2013)

  • Core:
  • Fixed bug #63762 (Sigsegv when Exception::$trace is changed by user). (Johannes)
  • Fixed bug #43177 (Errors in eval()'ed code produce status code 500). (Todd Ruth, Stas).
  • Filter:
  • Fixed bug #63757 (getenv() produces memory leak with CGI SAPI). (Dmitry)
  • Fixed bug #54096 (FILTER_VALIDATE_INT does not accept +0 and -0). (martin at divbyzero dot net, Lars)
  • JSON:
  • Fixed bug #63737 (json_decode does not properly decode with options parameter). (Adam)
  • CLI server
  • Update list of common mime types. Added webm, ogv, ogg. (Lars, pascalc at gmail dot com)
  • cURL extension:
  • Fixed bug (segfault due to libcurl connection caching). (Pierrick)
  • Fixed bug #63859 (Memory leak when reusing curl-handle). (Pierrick)
  • Fixed bug #63795 (CURL >= 7.28.0 no longer support value 1 for CURLOPT_SSL_VERIFYHOST). (Pierrick)
  • Fixed bug #63352 (Can't enable hostname validation when using curl stream wrappers). (Pierrick)
  • Fixed bug #55438 (Curlwapper is not sending http header randomly). ([email protected], Pierrick)

New in PHP 5.4.10 (December 19th, 2012)

  • Core:
  • Fixed bug #63635 (Segfault in gc_collect_cycles). (Dmitry)
  • Fixed bug #63512 (parse_ini_file() with INI_SCANNER_RAW removes quotes from value). (Pierrick)
  • Fixed bug #63468 (wrong called method as callback with inheritance). (Laruence)
  • Fixed bug #63451 (config.guess file does not have AIX 7 defined, shared objects are not created). (kemcline at au1 dot ibm dot com)
  • Fixed bug #61557 (Crasher in tt-rss backend.php). (i dot am dot jack dot mail at gmail dot com)
  • Fixed bug #61272 (ob_start callback gets passed empty string). (Mike, casper at langemeijer dot eu)
  • Date:
  • Fixed bug #63666 (Poor date() performance). (Paul Talborg).
  • Fixed bug #63435 (Datetime::format('u') sometimes wrong by 1 microsecond). (Remi)
  • Imap:
  • Fixed bug #63126 (DISABLE_AUTHENTICATOR ignores array). (Remi)
  • Json:
  • Fixed bug #63588 (use php_next_utf8_char and remove duplicate implementation). (Remi)
  • MySQLi:
  • Fixed bug #63361 (missing header). (Remi)
  • MySQLnd:
  • Fixed bug #63398 (Segfault when polling closed link). (Laruence)
  • Fileinfo:
  • Fixed bug #63590 (Different results in TS and NTS under Windows). (Anatoliy)
  • FPM:
  • Fixed bug #63581 Possible null dereference and buffer overflow (Remi)
  • Pdo_sqlite:
  • Fixed Bug #63149 getColumnMeta should return the table name when system SQLite used. (Remi)
  • Apache2 Handler SAPI:
  • Enabled Apache 2.4 configure option for Windows (Pierre, Anatoliy)
  • Reflection:
  • Fixed Bug #63614 (Fatal error on Reflection). (Laruence)
  • SOAP:
  • Fixed bug #63271 (SOAP wsdl cache is not enabled after initial requests). (John Jawed, Dmitry)
  • Sockets:
  • Fixed bug #49341 (Add SO_REUSEPORT support for socket_set_option()). (Igor Wiedler, Lars)

New in PHP 5.5.0 Alpha 2 (December 19th, 2012)

  • General improvements:
  • Added systemtap support by enabling systemtap compatible dtrace probes on linux. (David Soria Parra)
  • Added support for using empty() on the result of function calls and other expressions (http://wiki.php.net/rfc/empty_isset_exprs). (Nikita Popov)
  • Optimized access to temporary and compiled VM variables. 8% less memory reads. (Dmitry)
  • The VM stacks for passing function arguments and syntaticaly nested calls were merged into a single stack. The stack size needed for op_array execution is calculated at compile time and preallocated at once. As result all the stack push operatins don't require checks for stack overflow any more. (Dmitry)
  • MySQL:
  • This extension is now deprecated, and deprecation warnings will be generated when connections are established to databases via mysql_connect(), mysql_pconnect(), or through implicit connection: use MySQLi or PDO_MySQL instead (http://wiki.php.net/rfc/mysql_deprecation). (Adam)
  • Fileinfo:
  • Fixed bug #63590 (Different results in TS and NTS under Windows). (Anatoliy)
  • Apache2 Handler SAPI:
  • Enabled Apache 2.4 configure option for Windows (Pierre, Anatoliy)

New in PHP 5.5.0 Alpha 1 (December 6th, 2012)

  • General improvements:
  • Added support for generators. (Nikita Popov)
  • Add simplified password hashing API (http://wiki.php.net/rfc/password_hash). (Anthony Ferrara)
  • Add generators and coroutines (http://wiki.php.net/rfc/generators). (Nikita Popov)
  • Support list in foreach (http://wiki.php.net/rfc/foreachlist). (Laruence)
  • Implemented 'finally' keyword (http://wiki.php.net/rfc/finally). (Laruence)
  • Drop Windows XP and 2003 support. (Pierre)
  • Improve set_exception_handler while doing reset.(Laruence)
  • Support constant array/string dereferencing. (Laruence)
  • Add support for using empty() on the result of function calls and other expressions (http://wiki.php.net/rfc/empty_isset_exprs). (Nikita Popov)
  • Remove php_logo_guid(), php_egg_logo_guid(), php_real_logo_guid(), zend_logo_guid(). (Adnrew Faulds)
  • Calendar:
  • Fixed bug #54254 (cal_from_jd returns month = 6 when there is only one Adar) (Stas, Eitan Mosenkis)
  • Core:
  • Added boolval(). (Jille Timmermans)
  • Added "Z" option to pack/unpack. (Gustavo)
  • Implemented FR #60738 (Allow 'set_error_handler' to handle NULL). (Laruence, Nikita Popov)
  • Added optional second argument for assert() to specify custom message. Patch by Lonny Kapelushnik ([email protected]). (Lars)
  • Fixed bug #18556 (Engine uses locale rules to handle class names). (Stas)
  • Fixed bug #61681 (Malformed grammar). (Nikita Popov, Etienne, Laruence)
  • Fixed bug #61038 (unpack("a5", "str\0\0") does not work as expected). (srgoogleguy, Gustavo)
  • Return previous handler when passing NULL to set_error_handler and set_exception_handler. (Nikita Popov)
  • cURL:
  • Added support for CURLOPT_FTP_RESPONSE_TIMEOUT, CURLOPT_APPEND, CURLOPT_DIRLISTONLY, CURLOPT_NEW_DIRECTORY_PERMS, CURLOPT_NEW_FILE_PERMS, CURLOPT_NETRC_FILE, CURLOPT_PREQUOTE, CURLOPT_KRBLEVEL, CURLOPT_MAXFILESIZE, CURLOPT_FTP_ACCOUNT, CURLOPT_COOKIELIST, CURLOPT_IGNORE_CONTENT_LENGTH, CURLOPT_CONNECT_ONLY, CURLOPT_LOCALPORT, CURLOPT_LOCALPORTRANGE, CURLOPT_FTP_ALTERNATIVE_TO_USER, CURLOPT_SSL_SESSIONID_CACHE, CURLOPT_FTP_SSL_CCC, CURLOPT_HTTP_CONTENT_DECODING, CURLOPT_HTTP_TRANSFER_DECODING, CURLOPT_PROXY_TRANSFER_MODE, CURLOPT_ADDRESS_SCOPE, CURLOPT_CRLFILE, CURLOPT_ISSUERCERT, CURLOPT_USERNAME, CURLOPT_PASSWORD, CURLOPT_PROXYUSERNAME, CURLOPT_PROXYPASSWORD, CURLOPT_NOPROXY, CURLOPT_SOCKS5_GSSAPI_NEC, CURLOPT_SOCKS5_GSSAPI_SERVICE, CURLOPT_TFTP_BLKSIZE, CURLOPT_SSH_KNOWNHOSTS, CURLOPT_FTP_USE_PRET, CURLOPT_MAIL_FROM, CURLOPT_MAIL_RCPT, CURLOPT_RTSP_CLIENT_CSEQ, CURLOPT_RTSP_SERVER_CSEQ, CURLOPT_RTSP_SESSION_ID, CURLOPT_RTSP_STREAM_URI, CURLOPT_RTSP_TRANSPORT, CURLOPT_RTSP_REQUEST, CURLOPT_RESOLVE, CURLOPT_ACCEPT_ENCODING, CURLOPT_TRANSFER_ENCODING, CURLOPT_DNS_SERVERS and CURLOPT_USE_SSL. (Pierrick)
  • Fixed bug #55635 (CURLOPT_BINARYTRANSFER no longer used. The constant still exists for backward compatibility but is doing nothing). (Pierrick)
  • Fixed bug #54995 (Missing CURLINFO_RESPONSE_CODE support). (Pierrick)
  • Datetime:
  • Fixed bug #61642 (modify("+5 weekdays") returns Sunday). (Dmitri Iouchtchenko)
  • Hash:
  • Added support for PBKDF2 via hash_pbkdf2(). (Anthony Ferrara)
  • Intl:
  • The intl extension now requires ICU 4.0+.
  • Added intl.use_exceptions INI directive, which controls what happens when global errors are set together with intl.error_level. (Gustavo)
  • MessageFormatter::format() and related functions now accepted named arguments and mixed numeric/named arguments in ICU 4.8+. (Gustavo)
  • MessageFormatter::format() and related functions now don't error out when an insufficient argument count is provided. Instead, the placeholders will remain unsubstituted. (Gustavo)
  • MessageFormatter::parse() and MessageFormat::format() (and their static equivalents) don't throw away better than second precision in the arguments. (Gustavo)
  • IntlDateFormatter::__construct and datefmt_create() now accept for the $timezone argument time zone identifiers, IntlTimeZone objects, DateTimeZone objects and NULL. (Gustavo)
  • IntlDateFormatter::__construct and datefmt_create() no longer accept invalid timezone identifiers or empty strings. (Gustavo)
  • The default time zone used in IntlDateFormatter::__construct and datefmt_create() (when the corresponding argument is not passed or NULL is passed) is now the one given by date_default_timezone_get(), not the default ICU time zone. (Gustavo)
  • The time zone passed to the IntlDateFormatter is ignored if it is NULL and if the calendar passed is an IntlCalendar object -in this case, the IntlCalendar's time zone will be used instead. Otherwise, the time zone specified in the $timezone argument is used instead. This does not affect old code, as IntlCalendar was introduced in this version. (Gustavo)
  • IntlDateFormatter::__construct and datefmt_create() now accept for the $calendar argument also IntlCalendar objects. (Gustavo)
  • IntlDateFormatter::getCalendar() and datefmt_get_calendar() return false if the IntlDateFormatter was set up with an IntlCalendar instead of the constants IntlDateFormatter::GREGORIAN/TRADITIONAL. IntlCalendar did not exist before this version. (Gustavo)
  • IntlDateFormatter::setCalendar() and datefmt_set_calendar() now also accept an IntlCalendar object, in which case its time zone is taken. Passing a constant is still allowed, and still keeps the time zone. (Gustavo)
  • IntlDateFormatter::setTimeZoneID() and datefmt_set_timezone_id() are deprecated. Use IntlDateFormatter::setTimeZone() or datefmt_set_timezone() instead. (Gustavo)
  • IntlDateFormatter::format() and datefmt_format() now also accept an IntlCalendar object for formatting. (Gustavo)
  • Added the classes: IntlCalendar, IntlGregorianCalendar, IntlTimeZone, IntlBreakIterator, IntlRuleBasedBreakIterator and IntlCodePointBreakIterator. (Gustavo)
  • Added the functions: intlcal_get_keyword_values_for_locale(), intlcal_get_now(), intlcal_get_available_locales(), intlcal_get(), intlcal_get_time(), intlcal_set_time(), intlcal_add(), intlcal_set_time_zone(), intlcal_after(), intlcal_before(), intlcal_set(), intlcal_roll(), intlcal_clear(), intlcal_field_difference(), intlcal_get_actual_maximum(), intlcal_get_actual_minimum(), intlcal_get_day_of_week_type(), intlcal_get_first_day_of_week(), intlcal_get_greatest_minimum(), intlcal_get_least_maximum(), intlcal_get_locale(), intlcal_get_maximum(), intlcal_get_minimal_days_in_first_week(), intlcal_get_minimum(), intlcal_get_time_zone(), intlcal_get_type(), intlcal_get_weekend_transition(), intlcal_in_daylight_time(), intlcal_is_equivalent_to(), intlcal_is_lenient(), intlcal_is_set(), intlcal_is_weekend(), intlcal_set_first_day_of_week(), intlcal_set_lenient(), intlcal_equals(), intlcal_get_repeated_wall_time_option(), intlcal_get_skipped_wall_time_option(), intlcal_set_repeated_wall_time_option(), intlcal_set_skipped_wall_time_option(), intlcal_from_date_time(), intlcal_to_date_time(), intlcal_get_error_code(), intlcal_get_error_message(), intlgregcal_create_instance(), intlgregcal_set_gregorian_change(), intlgregcal_get_gregorian_change() and intlgregcal_is_leap_year(). (Gustavo)
  • Added the functions: intltz_create_time_zone(), intltz_create_default(), intltz_get_id(), intltz_get_gmt(), intltz_get_unknown(), intltz_create_enumeration(), intltz_count_equivalent_ids(), intltz_create_time_zone_id_enumeration(), intltz_get_canonical_id(), intltz_get_region(), intltz_get_tz_data_version(), intltz_get_equivalent_id(), intltz_use_daylight_time(), intltz_get_offset(), intltz_get_raw_offset(), intltz_has_same_rules(), intltz_get_display_name(), intltz_get_dst_savings(), intltz_from_date_time_zone(), intltz_to_date_time_zone(), intltz_get_error_code(), intltz_get_error_message(). (Gustavo)
  • Added the methods: IntlDateFormatter::formatObject(), IntlDateFormatter::getCalendarObject(), IntlDateFormatter::getTimeZone(), IntlDateFormatter::setTimeZone(). (Gustavo)
  • Added the functions: datefmt_format_object(), datefmt_get_calendar_object(), datefmt_get_timezone(), datefmt_set_timezone(), datefmt_get_calendar_object(), intlcal_create_instance(). (Gustavo)
  • MCrypt:
  • mcrypt_ecb(), mcrypt_cbc(), mcrypt_cfb() and mcrypt_ofb() now throw E_DEPRECATED. (GoogleGuy)
  • MySQLi:
  • Dropped support for LOAD DATA LOCAL INFILE handlers when using libmysql. Known for stability problems. (Andrey)
  • Added support for SHA256 authentication available with MySQL 5.6.6+. (Andrey)
  • PCRE:
  • Deprecated the /e modifier (http://wiki.php.net/rfc/remove_preg_replace_eval_modifier). (Nikita Popov)
  • Fixed bug #63284 (Upgrade PCRE to 8.31). (Anatoliy)
  • pgsql:
  • Added pg_escape_literal() and pg_escape_identifier() (Yasuo)
  • SPL:
  • Fix bug #60560 (SplFixedArray un-/serialize, getSize(), count() return 0, keys are strings). (Adam)
  • Tokenizer:
  • Fixed bug #60097 (token_get_all fails to lex nested heredoc). (Nikita Popov)
  • Zip:
  • Upgraded libzip to 0.10.1 (Anatoliy)
  • Fileinfo:
  • Fixed bug #63248 (Load multiple magic files from a directory under Windows). (Anatoliy)

New in PHP 5.4.10 RC 1 (December 6th, 2012)

  • Core:
  • Fixed bug #63635 (Segfault in gc_collect_cycles). (Dmitry)
  • Fixed bug #63512 (parse_ini_file() with INI_SCANNER_RAW removes quotes from value). (Pierrick)
  • Fixed bug #63468 (wrong called method as callback with inheritance). (Laruence)
  • Fixed bug #63451 (config.guess file does not have AIX 7 defined, shared objects are not created). (kemcline at au1 dot ibm dot com)
  • Fixed bug #61557 (Crasher in tt-rss backend.php). (i dot am dot jack dot mail at gmail dot com)
  • Fixed bug #61272 (ob_start callback gets passed empty string). (Mike, casper at langemeijer dot eu)
  • Date:
  • Fixed bug #63666 (Poor date() performance). (Paul Talborg).
  • Fixed bug #63435 (Datetime::format('u') sometimes wrong by 1 microsecond). (Remi)
  • Imap:
  • Fixed bug #63126 (DISABLE_AUTHENTICATOR ignores array). (Remi)
  • Json:
  • Fixed bug #63588 (use php_next_utf8_char and remove duplicate implementation). (Remi)
  • MySQLi:
  • Fixed bug #63361 (missing header). (Remi)
  • MySQLnd:
  • Fixed bug #63398 (Segfault when polling closed link). (Laruence)
  • Fileinfo:
  • Fixed bug #63590 (Different results in TS and NTS under Windows). (Anatoliy)
  • FPM:
  • Fixed bug #63581 Possible null dereference and buffer overflow (Remi)
  • Pdo_sqlite:
  • Fixed Bug #63149 getColumnMeta should return the table name when system SQLite used. (Remi)
  • Apache2 Handler SAPI:
  • Enabled Apache 2.4 configure option for Windows (Pierre, Anatoliy)
  • Reflection:
  • Fixed Bug #63614 (Fatal error on Reflection). (Laruence)
  • SOAP
  • Fixed bug #63271 (SOAP wsdl cache is not enabled after initial requests). (John Jawed, Dmitry)
  • Sockets
  • Fixed bug #49341 (Add SO_REUSEPORT support for socket_set_option()). (Igor Wiedler, Lars)

New in PHP 5.4.9 (November 26th, 2012)

  • Core:
  • Fixed bug #63305 (zend_mm_heap corrupted with traits).
  • Fixed bug #63369 ((un)serialize() leaves dangling pointers, causes crashes).
  • Fixed bug #63241 (PHP fails to open Windows deduplicated files).
  • Fixed bug #62444 (Handle leak in is_readable on windows).
  • Curl:
  • Fixed bug #63363 (Curl silently accepts boolean true for SSL_VERIFYHOST).
  • Fileinfo:
  • Fixed bug #63248 (Load multiple magic files from a directory under Windows).
  • Libxml
  • Fixed bug #63389 (Missing context check on libxml_set_streams_context() causes memleak).
  • Mbstring:
  • Fixed bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On).
  • OCI8:
  • Fixed bug #63265 (Add ORA-00028 to the PHP_OCI_HANDLE_ERROR macro)
  • PCRE:
  • Fixed bug #63180 (Corruption of hash tables).
  • Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite).
  • Fixed bug #63284 (Upgrade PCRE to 8.31).
  • PDO:
  • Fixed bug #63235 (buffer overflow in use of SQLGetDiagRec).
  • PDO_pgsql:
  • Fixed bug #62593 (Emulate prepares behave strangely with PARAM_BOOL).
  • Phar:
  • Fixed bug #63297 (Phar fails to write an openssl based signature).
  • Streams:
  • Fixed bug #63240 (stream_get_line() return contains delimiter string).
  • Reflection:
  • Fixed bug #63399 (ReflectionClass::getTraitAliases() incorrectly resolves traitnames).

New in PHP 5.4.9 RC1 (November 7th, 2012)

  • Core:
  • Fixed bug #63305 (zend_mm_heap corrupted with traits). (Dmitry, Laruence)
  • Fixed bug #63369 ((un)serialize() leaves dangling pointers, causes crashes). (Tony, Andrew Sitnikov)
  • Fixed bug #63241 (PHP fails to open Windows deduplicated files). (daniel dot stelter-gliese at innogames dot de)
  • Fixed bug #62444 (Handle leak in is_readable on windows). (krazyest at seznam dot cz)
  • Curl:
  • Fixed bug #63363 (Curl silently accepts boolean true for SSL_VERIFYHOST). Patch by John Jawed GitHub PR #221 (Anthony)
  • Fileinfo:
  • Fixed bug #63248 (Load multiple magic files from a directory under Windows). (Anatoliy)
  • Libxml
  • Fixed bug #63389 (Missing context check on libxml_set_streams_context() causes memleak). (Laruence)
  • Mbstring:
  • Fixed bug #63447 (max_input_vars doesn't filter variables when mbstring.encoding_translation = On). (Laruence)
  • OCI8:
  • Fixed bug #63265 (Add ORA-00028 to the PHP_OCI_HANDLE_ERROR macro) (Chris Jones)
  • PCRE:
  • Fixed bug #63180 (Corruption of hash tables). (Dmitry)
  • Fixed bug #63055 (Segfault in zend_gc with SF2 testsuite). (Dmitry, Laruence)
  • Fixed bug #63284 (Upgrade PCRE to 8.31). (Anatoliy)
  • Phar:
  • Fixed bug #63297 (Phar fails to write an openssl based signature). (Anatoliy)
  • Reflection:
  • Fixed bug #63399 (ReflectionClass::getTraitAliases() incorrectly resolves traitnames). (Laruence)

New in PHP 5.4.8 (October 17th, 2012)

  • CLI server:
  • Changed response to unknown HTTP method to 501 according to RFC. (Niklas Lindgren).
  • Support HTTP PATCH method. Patch by Niklas Lindgren, GitHub PR #190. (Lars)
  • Core:
  • Added optional second argument for assert() to specify custom message. Patch by Lonny Kapelushnik ([email protected]). (Lars)
  • Support building PHP with the native client toolchain. (Stuart Langley)
  • Added --offline option for tests. (Remi)
  • Fixed bug #63162 (parse_url does not match password component). (husman)
  • Fixed bug #63111 (is_callable() lies for abstract static method). (Dmitry)
  • Fixed bug #63093 (Segfault while load extension failed in zts-build). (Laruence)
  • Fixed bug #62976 (Notice: could not be converted to int when comparing some builtin classes). (Laruence)
  • Fixed bug #62955 (Only one directive is loaded from "Per Directory Values" Windows registry). (aserbulov at parallels dot com)
  • Fixed bug #62907 (Double free when use traits). (Dmitry)
  • Fixed bug #61767 (Shutdown functions not called in certain error situation). (Dmitry)
  • Fixed bug #60909 (custom error handler throwing Exception + fatal error = no shutdown function). (Dmitry)
  • Fixed bug #60723 (error_log error time has changed to UTC ignoring default timezone). (Laruence)
  • cURL:
  • Fixed bug #62085 (file_get_contents a remote file by Curl wrapper will cause cpu Soaring). (Pierrick)
  • Date:
  • Fixed bug #62896 ("DateTime->modify('+0 days')" modifies DateTime object) (Lonny Kapelushnik)
  • Fixed bug #62561 (DateTime add 'P1D' adds 25 hours). (Lonny Kapelushnik)
  • DOM:
  • Fixed bug #63015 (Incorrect arginfo for DOMErrorHandler). (Rob)
  • FPM:
  • Fixed bug #62954 (startup problems fpm / php-fpm). (fat)
  • Fixed bug #62886 (PHP-FPM may segfault/hang on startup). (fat)
  • Fixed bug #63085 (Systemd integration and daemonize). (remi, fat)
  • Fixed bug #62947 (Unneccesary warnings on FPM). (fat)
  • Fixed bug #62887 (Only /status?plain&full gives "last request cpu"). (fat)
  • Fixed bug #62216 (Add PID to php-fpm init.d script). (fat)
  • OpenSSL:
  • Implemented FR #61421 (OpenSSL signature verification missing RMD160, SHA224, SHA256, SHA384, SHA512). (Mark Jones)
  • SOAP
  • Fixed bug #50997 (SOAP Error when trying to submit 2nd Element of a choice). (Dmitry)
  • SPL:
  • Bug #62987 (Assigning to ArrayObject[null][something] overrides all undefined variables). (Laruence)
  • mbstring:
  • Allow passing null as a default value to mb_substr() and mb_strcut(). Patch by Alexander Moskaliov via GitHub PR #133. (Lars)
  • Filter extension:
  • Bug #49510: Boolean validation fails with FILTER_NULL_ON_FAILURE with empty string or false. (Lars)
  • Sockets
  • Fixed bug #63000 (MCAST_JOIN_GROUP on OSX is broken, merge of PR 185 by Igor Wiedler). (Lars)

New in PHP 5.4.8 RC 1 (October 4th, 2012)

  • CLI server:
  • Changed response to unknown HTTP method to 501 according to RFC. (Niklas Lindgren).
  • Support HTTP PATCH method. Patch by Niklas Lindgren, GitHub PR #190. (Lars)
  • Core:
  • Added optional second argument for assert() to specify custom message. Patch by Lonny Kapelushnik ([email protected]). (Lars)
  • Support building PHP with the native client toolchain. (Stuart Langley)
  • Added --offline option for tests. (Remi)
  • Fixed bug #63162 (parse_url does not match password component). (husman)
  • Fixed bug #63111 (is_callable() lies for abstract static method). (Dmitry)
  • Fixed bug #63093 (Segfault while load extension failed in zts-build). (Laruence)
  • Fixed bug #62976 (Notice: could not be converted to int when comparing some builtin classes). (Laruence)
  • Fixed bug #62955 (Only one directive is loaded from "Per Directory Values" Windows registry). (aserbulov at parallels dot com)
  • Fixed bug #62907 (Double free when use traits). (Dmitry)
  • Fixed bug #61767 (Shutdown functions not called in certain error situation). (Dmitry)
  • Fixed bug #60909 (custom error handler throwing Exception + fatal error = no shutdown function). (Dmitry)
  • Fixed bug #60723 (error_log error time has changed to UTC ignoring default timezone). (Laruence)
  • cURL:
  • Fixed bug #62085 (file_get_contents a remote file by Curl wrapper will cause cpu Soaring). (Pierrick)
  • Date:
  • Fixed bug #62896 ("DateTime->modify('+0 days')" modifies DateTime object) (Lonny Kapelushnik)
  • Fixed bug #62561 (DateTime add 'P1D' adds 25 hours). (Lonny Kapelushnik)
  • DOM:
  • Fixed bug #63015 (Incorrect arginfo for DOMErrorHandler). (Rob)
  • FPM:
  • Fixed bug #62954 (startup problems fpm / php-fpm). (fat)
  • Fixed bug #62886 (PHP-FPM may segfault/hang on startup). (fat)
  • Fixed bug #63085 (Systemd integration and daemonize). (remi, fat)
  • Fixed bug #62947 (Unneccesary warnings on FPM). (fat)
  • Fixed bug #62887 (Only /status?plain&full gives "last request cpu"). (fat)
  • Fixed bug #62216 (Add PID to php-fpm init.d script). (fat)
  • OpenSSL:
  • Implemented FR #61421 (OpenSSL signature verification missing RMD160, SHA224, SHA256, SHA384, SHA512). (Mark Jones)
  • SOAP
  • Fixed bug #50997 (SOAP Error when trying to submit 2nd Element of a choice). (Dmitry)
  • SPL:
  • Bug #62987 (Assigning to ArrayObject[null][something] overrides all undefined variables). (Laruence)
  • mbstring:
  • Allow passing null as a default value to mb_substr() and mb_strcut(). Patch by Alexander Moskaliov via GitHub PR #133. (Lars)
  • Filter extension:
  • Bug #49510: Boolean validation fails with FILTER_NULL_ON_FAILURE with empty string or false. (Lars)
  • Sockets
  • Fixed bug #63000 (MCAST_JOIN_GROUP on OSX is broken, merge of PR 185 by Igor Wiedler). (Lars)

New in PHP 5.4.7 (September 13th, 2012)

  • Core:
  • Fixed bug (segfault while build with zts and GOTO vm-kind). (Laruence)
  • Fixed bug #62955 (Only one directive is loaded from "Per Directory Values" Windows registry). (Felipe)
  • Fixed bug #62844 (parse_url() does not recognize //). (Andrew Faulds).
  • Fixed bug #62829 (stdint.h included on platform where HAVE_STDINT_H is not set). (Felipe)
  • Fixed bug #62763 (register_shutdown_function and extending class). (Laruence)
  • Fixed bug #62725 (Calling exit() in a shutdown function does not return the exit value). (Laruence)
  • Fixed bug #62744 (dangling pointers made by zend_disable_class). (Laruence)
  • Fixed bug #62716 (munmap() is called with the incorrect length). ([email protected])
  • Fixed bug #62358 (Segfault when using traits a lot). (Laruence)
  • Fixed bug #62328 (implementing __toString and a cast to string fails) (Laruence)
  • Fixed bug #51363 (Fatal error raised by var_export() not caught by error handler). (Lonny Kapelushnik)
  • Fixed bug #40459 (Stat and Dir stream wrapper methods do not call constructor). (Stas)
  • CURL:
  • Fixed bug #62912 (CURLINFO_PRIMARY_* AND CURLINFO_LOCAL_* not exposed). (Pierrick)
  • Fixed bug #62839 (curl_copy_handle segfault with CURLOPT_FILE). (Pierrick)
  • DateTime:
  • Fixed bug #62852 (Unserialize invalid DateTime causes crash). ([email protected])
  • Intl:
  • Fixed Spoofchecker not being registered on ICU 49.1. (Gustavo)
  • Fix bug #62933 (ext/intl compilation error on icu 3.4.1). (Gustavo)
  • Fix bug #62915 (defective cloning in several intl classes). (Gustavo)
  • Installation:
  • Fixed bug #62460 (php binaries installed as binary.dSYM). (Reeze Xia)
  • PCRE:
  • Fixed bug #55856 (preg_replace should fail on trailing garbage). (reg dot php at alf dot nu)
  • PDO:
  • Fixed bug #62685 (Wrong return datatype in PDO::inTransaction()). (Laruence)
  • Reflection:
  • Fixed bug #62892 (ReflectionClass::getTraitAliases crashes on importing trait methods as private). (Felipe)
  • Fixed bug #62715 (ReflectionParameter::isDefaultValueAvailable() wrong result). (Laruence)
  • Session:
  • Fixed bug (segfault due to retval is not initialized). (Laruence)
  • Fixed bug (segfault due to PS(mod_user_implemented) not be reseted when close handler call exit). (Laruence)
  • SPL:
  • Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray) (Laruence)
  • Implemented FR #62840 (Add sort flag to ArrayObject::ksort). (Laruence)
  • Standard:
  • Fixed bug #62836 (Seg fault or broken object references on unserialize()). (Laruence)
  • FPM:
  • Merged PR 121 by minitux to add support for slow request counting on PHP FPM status page. (Lars)

New in PHP 5.4.7 RC 1 (August 31st, 2012)

  • Core:
  • Fixed bug (segfault while build with zts and GOTO vm-kind). (Laruence)
  • Fixed bug #62844 (parse_url() does not recognize //). (Andrew Faulds).
  • Fixed bug #62829 (stdint.h included on platform where HAVE_STDINT_H is not set). (Felipe)
  • Fixed bug #62763 (register_shutdown_function and extending class). (Laruence)
  • Fixed bug #62725 (Calling exit() in a shutdown function does not return the exit value). (Laruence)
  • Fixed bug #62744 (dangling pointers made by zend_disable_class). (Laruence)
  • Fixed bug #62716 (munmap() is called with the incorrect length). ([email protected])
  • Fixed bug #62358 (Segfault when using traits a lot). (Laruence)
  • Fixed bug #62328 (implementing __toString and a cast to string fails) (Laruence)
  • Fixed bug #51363 (Fatal error raised by var_export() not caught by error handler). (Lonny Kapelushnik)
  • Fixed bug #40459 (Stat and Dir stream wrapper methods do not call constructor). (Stas)
  • CURL:
  • Fixed bug #62912 (CURLINFO_PRIMARY_* AND CURLINFO_LOCAL_* not exposed). (Pierrick)
  • Fixed bug #62839 (curl_copy_handle segfault with CURLOPT_FILE). (Pierrick)
  • DateTime:
  • Fixed bug #62852 (Unserialize invalid DateTime causes crash). ([email protected])
  • Intl:
  • Fixed Spoofchecker not being registered on ICU 49.1. (Gustavo)
  • Fix bug #62933 (ext/intl compilation error on icu 3.4.1). (Gustavo)
  • Fix bug #62915 (defective cloning in several intl classes). (Gustavo)
  • Installation:
  • Fixed bug #62460 (php binaries installed as binary.dSYM). (Reeze Xia)
  • PCRE:
  • Fixed bug #55856 (preg_replace should fail on trailing garbage). (reg dot php at alf dot nu)
  • PDO:
  • Fixed bug #62685 (Wrong return datatype in PDO::inTransaction()). (Laruence)
  • Reflection:
  • Fixed bug #62892 (ReflectionClass::getTraitAliases crashes on importing trait methods as private). (Felipe)
  • Fixed bug #62715 (ReflectionParameter::isDefaultValueAvailable() wrong result). (Laruence)
  • Session:
  • Fixed bug (segfault due to retval is not initialized). (Laruence)
  • Fixed bug (segfault due to PS(mod_user_implemented) not be reseted when close handler call exit). (Laruence)
  • SPL:
  • Fixed bug #62904 (Crash when cloning an object which inherits SplFixedArray) (Laruence)
  • Implemented FR #62840 (Add sort flag to ArrayObject::ksort). (Laruence)
  • Standard:
  • Fixed bug #62836 (Seg fault or broken object references on unserialize()). (Laruence)
  • FPM:
  • Merged PR 121 by minitux to add support for slow request counting on PHP FPM status page. (Lars)

New in PHP 5.4.6 (August 17th, 2012)

  • CLI Server:
  • Implemented FR #62700 (have the console output 'Listening on http://localhost:8000').
  • Core:
  • Fixed bug #62661 (Interactive php-cli crashes if include() is used in auto_prepend_file).
  • Fixed bug #62653: (unset($array[$float]) causes a crash).
  • Fixed bug #62565 (Crashes due non-initialized internal properties_table).
  • Fixed bug #60194 (--with-zend-multibyte and --enable-debug reports LEAK with run-test.php).
  • CURL:
  • Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false).
  • DateTime:
  • Fixed bug #62500 (Segfault in DateInterval class when extended).
  • Fileinfo:
  • Fixed bug #61964 (finfo_open with directory causes invalid free).
  • Intl:
  • Fixed bug #62564 (Extending MessageFormatter and adding property causes crash).
  • MySQLnd:
  • Fixed bug #62594 (segfault in mysqlnd_res_meta::set_mode).
  • readline:
  • Fixed bug #62612 (readline extension compilation fails with sapi/cli/cli.h: No such file).
  • Reflection:
  • Implemented FR #61602 (Allow access to name of constant used as default value).
  • SimpleXML:
  • Implemented FR #55218 (Get namespaces from current node).
  • SPL:
  • Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance gives Segmentation fault).
  • Fixed bug #61527 (ArrayIterator gives misleading notice on next() when moved to the end).
  • Streams:
  • Fixed bug #62597 (segfault in php_stream_wrapper_log_error with ZTS build).
  • Zlib:
  • Fixed bug #55544 (ob_gzhandler always conflicts with zlib.output_compression).

New in PHP 5.4.6 RC 1 (August 2nd, 2012)

  • CLI Server:
  • Implemented FR #62700 (have the console output 'Listening on http://localhost:8000'). ([email protected])
  • Core:
  • Fixed bug #62661 (Interactive php-cli crashes if include() is used in auto_prepend_file). (Laruence)
  • Fixed bug #62653: (unset($array[$float]) causes a crash). (Nikita Popov, Laruence)
  • Fixed bug #62565 (Crashes due non-initialized internal properties_table). (Felipe)
  • Fixed bug #60194 (--with-zend-multibyte and --enable-debug reports LEAK with run-test.php). (Laruence)
  • CURL:
  • Fixed bug #62499 (curl_setopt($ch, CURLOPT_COOKIEFILE, "") returns false). ([email protected], Laruence)
  • DateTime:
  • Fixed Bug #62500 (Segfault in DateInterval class when extended). (Laruence)
  • Fileinfo:
  • Fixed bug #61964 (finfo_open with directory causes invalid free). ([email protected])
  • Intl:
  • Fixed bug #62564 (Extending MessageFormatter and adding property causes crash). (Felipe)
  • MySQLnd:
  • Fixed bug #62594 (segfault in mysqlnd_res_meta::set_mode). (Laruence)
  • readline:
  • Fixed bug #62612 (readline extension compilation fails with sapi/cli/cli.h: No such file). (Johannes)
  • Reflection:
  • Implemented FR #61602 (Allow access to name of constant used as default value). ([email protected])
  • SimpleXML:
  • Implemented FR #55218 Get namespaces from current node. (Lonny)
  • SPL:
  • Fixed bug #62616 (ArrayIterator::count() from IteratorIterator instance gives Segmentation fault). (Laruence, Gustavo)
  • Fixed bug #61527 (ArrayIterator gives misleading notice on next() when moved to the end). ([email protected])
  • Streams:
  • Fixed bug #62597 (segfault in php_stream_wrapper_log_error with ZTS build). (Laruence)
  • Zlib:
  • Fixed bug #55544 (ob_gzhandler always conflicts with zlib.output_compression). (Laruence)

New in PHP 5.4.5 (July 19th, 2012)

  • Core:
  • Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt). (Anthony Ferrara)
  • Fixed bug #62432 (ReflectionMethod random corrupt memory on high concurrent). (Johannes)
  • Fixed bug #62373 (serialize() generates wrong reference to the object). (Moriyoshi)
  • Fixed bug #62357 (compile failure: (S) Arguments missing for built-in function __memcmp). (Laruence)
  • Fixed bug #61998 (Using traits with method aliases appears to result in crash during execution). (Dmitry)
  • Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon). (Pierrick)
  • Fixed potential overflow in _php_stream_scandir (CVE-2012-2688). (Jason Powell, Stas)
  • EXIF:
  • Fixed information leak in ext exif (discovered by Martin Noga, Matthew "j00ru" Jurczyk, Gynvael Coldwind)
  • FPM:
  • Fixed bug #62205 (php-fpm segfaults (null passed to strstr)). (fat)
  • Fixed bug #62160 (Add process.priority to set nice(2) priorities). (fat)
  • Fixed bug #62153 (when using unix sockets, multiples FPM instances
  • Fixed bug #62033 (php-fpm exits with status 0 on some failures to start). (fat)
  • Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm). (fat)
  • Fixed bug #61835 (php-fpm is not allowed to run as root). (fat)
  • Fixed bug #61295 (php-fpm should not fail with commented 'user'
  • Fixed bug #61218 (FPM drops connection while receiving some binary values in FastCGI requests). (fat)
  • Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat) for non-root start). (fat)
  • Fixed bug #61026 (FPM pools can listen on the same address). (fat) can be launched without errors). (fat)
  • Iconv:
  • Fix bug #55042 (Erealloc in iconv.c unsafe). (Stas)
  • Intl:
  • Fixed bug #62083 (grapheme_extract() memory leaks). (Gustavo)
  • ResourceBundle constructor now accepts NULL for the first two arguments. (Gustavo)
  • Fixed bug #62081 (IntlDateFormatter constructor leaks memory when called twice). (Gustavo)
  • Fixed bug #62070 (Collator::getSortKey() returns garbage). (Gustavo)
  • Fixed bug #62017 (datefmt_create with incorrectly encoded timezone leaks pattern). (Gustavo)
  • Fixed bug #60785 (memory leak in IntlDateFormatter constructor). (Gustavo)
  • JSON:
  • Fixed bug #61359 (json_encode() calls too many reallocs). (Stas)
  • libxml:
  • Fixed bug #62266 (Custom extension segfaults during xmlParseFile with FPM SAPI). (Gustavo)
  • Phar:
  • Fixed bug #62227 (Invalid phar stream path causes crash). (Felipe)
  • Readline:
  • Fixed bug #62186 (readline fails to compile void function should not return a value). (Johannes)
  • Reflection:
  • Fixed bug #62384 (Attempting to invoke a Closure more than once causes segfault). (Felipe)
  • Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks with constant). (Laruence)
  • Sockets:
  • Fixed bug #62025 (__ss_family was changed on AIX 5.3). (Felipe)
  • SPL:
  • Fixed bug #62433 (Inconsistent behavior of RecursiveDirectoryIterator to dot files). (Laruence)
  • Fixed bug #62262 (RecursiveArrayIterator does not implement Countable). (Nikita Popov)
  • XML Writer:
  • Fixed bug #62064 (memory leak in the XML Writer module). (jean-pierre dot lozi at lip6 dot fr)
  • Zip:
  • Upgraded libzip to 0.10.1 (Anatoliy)

New in PHP 5.4.5 RC 1 (July 4th, 2012)

  • Core:
  • Fixed bug #62443 (Crypt SHA256/512 Segfaults With Malformed Salt). (Anthony Ferrara)
  • Fixed bug #62432 (ReflectionMethod random corrupt memory on high concurrent). (Johannes)
  • Fixed bug #62373 (serialize() generates wrong reference to the object). (Moriyoshi)
  • Fixed bug #62357 (compile failure: (S) Arguments missing for built-in function __memcmp). (Laruence)
  • Fixed bug #61998 (Using traits with method aliases appears to result in crash during execution). (Dmitry)
  • Fixed bug #51094 (parse_ini_file() with INI_SCANNER_RAW cuts a value that includes a semi-colon). (Pierrick)
  • Fixed potential overflow in _php_stream_scandir (CVE-2012-2688). (Jason Powell, Stas)
  • EXIF:
  • Fixed information leak in ext exif (discovered by Martin Noga, Matthew "j00ru" Jurczyk, Gynvael Coldwind)
  • FPM:
  • Fixed bug #62205 (php-fpm segfaults (null passed to strstr)). (fat)
  • Fixed bug #62160 (Add process.priority to set nice(2) priorities). (fat)
  • Fixed bug #62153 (when using unix sockets, multiples FPM instances
  • Fixed bug #62033 (php-fpm exits with status 0 on some failures to start). (fat)
  • Fixed bug #61839 (Unable to cross-compile PHP with --enable-fpm). (fat)
  • Fixed bug #61835 (php-fpm is not allowed to run as root). (fat)
  • Fixed bug #61295 (php-fpm should not fail with commented 'user'
  • Fixed bug #61218 (FPM drops connection while receiving some binary values in FastCGI requests). (fat)
  • Fixed bug #61045 (fpm don't send error log to fastcgi clients). (fat) for non-root start). (fat)
  • Fixed bug #61026 (FPM pools can listen on the same address). (fat) can be launched without errors). (fat)
  • Iconv:
  • Fix bug #55042 (Erealloc in iconv.c unsafe). (Stas)
  • Intl:
  • Fixed bug #62083 (grapheme_extract() memory leaks). (Gustavo)
  • ResourceBundle constructor now accepts NULL for the first two arguments. (Gustavo)
  • Fixed bug #62081 (IntlDateFormatter constructor leaks memory when called twice). (Gustavo)
  • Fixed bug #62070 (Collator::getSortKey() returns garbage). (Gustavo)
  • Fixed bug #62017 (datefmt_create with incorrectly encoded timezone leaks pattern). (Gustavo)
  • Fixed bug #60785 (memory leak in IntlDateFormatter constructor). (Gustavo)
  • JSON:
  • Fixed bug #61359 (json_encode() calls too many reallocs). (Stas)
  • libxml:
  • Fixed bug #62266 (Custom extension segfaults during xmlParseFile with FPM SAPI). (Gustavo)
  • Phar:
  • Fixed bug #62227 (Invalid phar stream path causes crash). (Felipe)
  • Readline:
  • Fixed bug #62186 (readline fails to compile void function should not return a value). (Johannes)
  • Reflection:
  • Fixed bug #62384 (Attempting to invoke a Closure more than once causes segfault). (Felipe)
  • Fixed bug #62202 (ReflectionParameter::getDefaultValue() memory leaks with constant). (Laruence)
  • Sockets:
  • Fixed bug #62025 (__ss_family was changed on AIX 5.3). (Felipe)
  • SPL:
  • Fixed bug #62433 (Inconsistent behavior of RecursiveDirectoryIterator to dot files). (Laruence)
  • Fixed bug #62262 (RecursiveArrayIterator does not implement Countable). (Nikita Popov)
  • XML Writer:
  • Fixed bug #62064 (memory leak in the XML Writer module). (jean-pierre dot lozi at lip6 dot fr)
  • Zip:
  • Upgraded libzip to 0.10.1 (Anatoliy)

New in PHP 5.4.4 (June 13th, 2012)

  • CLI Server:
  • Implemented FR #61977 (Need CLI web-server support for files with .htm & svg extensions). (Sixd, Laruence)
  • Improved performance while sending error page, this also fixed bug #61785 (Memory leak when access a non-exists file without router). (Laruence)
  • Fixed bug #61546 (functions related to current script failed when chdir() in cli sapi). (Laruence, [email protected])
  • COM:
  • Fixed bug #62146 com_dotnet cannot be built shared. (Johannes)
  • Core:
  • Fixed missing bound check in iptcparse(). (chris at chiappa.net)
  • Fixed CVE-2012-2143. (Solar Designer)
  • Fixed bug #62097 (fix for for bug #54547). (Gustavo)
  • Fixed bug #62005 (unexpected behavior when incrementally assigning to a member of a null object). (Laruence)
  • Fixed bug #61978 (Object recursion not detected for classes that implement JsonSerializable). (Felipe)
  • Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy)
  • Fixed bug #61922 (ZTS build doesn't accept zend.script_encoding config). (Laruence)
  • Fixed bug #61827 (incorrect \e processing on Windows) (Anatoliy)
  • Fixed bug #61782 (__clone/__destruct do not match other methods when checking access controls). (Stas)
  • Fixed bug #61761 ('Overriding' a private static method with a different signature causes crash). (Laruence)
  • Fixed bug #61730 (Segfault from array_walk modifying an array passed by reference). (Laruence)
  • Fixed bug #61728 (PHP crash when calling ob_start in request_shutdown phase). (Laruence)
  • Fixed bug #61660 (bin2hex(hex2bin($data)) != $data). (Nikita Popov)
  • Fixed bug #61650 (ini parser crashes when using ${xxxx} ini variables (without apache2)). (Laruence)
  • Fixed bug #61605 (header_remove() does not remove all headers). (Laruence)
  • Fixed bug #54547 (wrong equality of string numbers). (Gustavo)
  • Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename set to null). (Anatoliy)
  • Changed php://fd to be available only for CLI.
  • CURL:
  • Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction). (Laruence)
  • Intl:
  • Fixed bug #62082 (Memory corruption in internal function get_icu_disp_value_src_php()). (Gustavo)
  • PDO:
  • Fixed bug #61755 (A parsing bug in the prepared statements can lead to access violations). (Johannes)
  • Phar:
  • Fix bug #61065 (Secunia SA44335, CVE-2012-2386). (Rasmus)
  • Pgsql:
  • Added pg_escape_identifier/pg_escape_literal. (Yasuo Ohgaki)
  • FPM:
  • Fixed bug #61812 (Uninitialised value used in libmagic). (Laruence, Gustavo)
  • Fixed bug #61565 where php_stream_open_wrapper_ex tries to open a directory descriptor under windows. (Anatoliy)
  • Fixed bug #61566 failure caused by the posix lseek and read versions under windows in cdf_read(). (Anatoliy)
  • Libxml:
  • Fixed bug #61617 (Libxml tests failed(ht is already destroyed)). (Laruence)
  • Zlib:
  • Fixed bug #61820 (using ob_gzhandler will complain about headers already sent when no compression). (Mike)
  • Fixed bug #61443 (can't change zlib.output_compression on the fly). (Mike)
  • Fixed bug #60761 (zlib.output_compression fails on refresh). (Mike)

New in PHP 5.4.4 RC 1 (May 16th, 2012)

  • CLI Server:
  • Implemented FR #61977 (Need CLI web-server support for files with .htm & svg extensions). (Sixd, Laruence)
  • Improved performance while sending error page, this also fixed bug #61785 (Memory leak when access a non-exists file without router). (Laruence)
  • Fixed bug #61546 (functions related to current script failed when chdir() in cli sapi). (Laruence, [email protected])
  • CURL:
  • Fixed bug #61948 (CURLOPT_COOKIEFILE '' raises open_basedir restriction). (Laruence)
  • Core:
  • Fixed missing bound check in iptcparse(). (chris at chiappa.net)
  • Fixed bug #62005 (unexpected behavior when incrementally assigning to a member of a null object). (Laruence)
  • Fixed bug #61978 (Object recursion not detected for classes that implement JsonSerializable). (Felipe)
  • Fixed bug #61991 (long overflow in realpath_cache_get()). (Anatoliy)
  • Fixed bug #61922 (ZTS build doesn't accept zend.script_encoding config). (Laruence)
  • Fixed bug #61827 (incorrect \e processing on Windows) (Anatoliy)
  • Fixed bug #61782 (__clone/__destruct do not match other methods when checking access controls). (Stas)
  • Fixed bug #61761 ('Overriding' a private static method with a different signature causes crash). (Laruence)
  • Fixed bug #61730 (Segfault from array_walk modifying an array passed by reference). (Laruence)
  • Fixed bug #61728 (PHP crash when calling ob_start in request_shutdown phase). (Laruence)
  • Fixed bug #61660 (bin2hex(hex2bin($data)) != $data). (Nikita Popov)
  • Fixed bug #61650 (ini parser crashes when using ${xxxx} ini variables (without apache2)). (Laruence)
  • Fixed bug #61605 (header_remove() does not remove all headers). (Laruence)
  • Fixed bug #54547 (wrong equality of string numbers). (Gustavo)
  • Fixed bug #54197 ([PATH=] sections incompatibility with user_ini.filename set to null). (Anatoliy)
  • Changed php://fd to be available only for CLI.
  • Phar:
  • Fix bug #61065 (Secunia SA44335). (Rasmus)
  • Reflection:
  • Implemented FR #61602 (Allow access to the name of constant used as function/method parameter's default value). ([email protected])
  • FPM
  • Fixed bug #61812 (Uninitialised value used in libmagic). (Laruence, Gustavo)
  • Libxml:
  • Fixed bug #61617 (Libxml tests failed(ht is already destroyed)). (Laruence)
  • Zlib:
  • Fixed bug #61820 (using ob_gzhandler will complain about headers already sent when no compression). (Mike)
  • Fixed bug #61443 (can't change zlib.output_compression on the fly). (Mike)
  • Fixed bug #60761 (zlib.output_compression fails on refresh). (Mike)

New in PHP 5.4.3 (May 8th, 2012)

  • CGI:
  • Re-Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823. (Stas)
  • Fix bug #61807 - Buffer Overflow in apache_request_headers. (nyt-php at countercultured dot net).

New in PHP 5.4.2 (May 4th, 2012)

  • Fixed bug #61910 Fix PHP-CGI query string parameter vulnerability, CVE-2012-1823.

New in PHP 5.4.1 (April 25th, 2012)

  • CLI Server:
  • Fixed bug #61461 (missing checks around malloc() calls). (Ilia)
  • Implemented FR #60850 (Built in web server does not set $_SERVER['SCRIPT_FILENAME'] when using router). (Laruence)
  • "Connection: close" instead of "Connection: closed" (Gustavo)
  • Core:
  • Fixed crash in ZTS using same class in many threads. (Johannes)
  • Fixed bug #61374 (html_entity_decode tries to decode code points that don't exist in ISO-8859-1). (Gustavo)
  • Fixed bug #61273 (call_user_func_array with more than 16333 arguments leaks / crashes). (Laruence)
  • Fixed bug #61225 (Incorrect lexing of 0b00*+). (Pierrick)
  • Fixed bug #61165 (Segfault strip_tags()). (Laruence)
  • Fixed bug #61106 (Segfault when using header_register_callback). (Nikita Popov)
  • Fixed bug #61087 (Memory leak in parse_ini_file when specifying invalid scanner mode). (Nikic, Laruence)
  • Fixed bug #61072 (Memory leak when restoring an exception handler). (Nikic, Laruence)
  • Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). (Laruence)
  • Fixed bug #61052 (Missing error check in trait 'insteadof' clause). (Stefan)
  • Fixed bug #61011 (Crash when an exception is thrown by __autoload accessing a static property). (Laruence)
  • Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars). (Laruence)
  • Fixed bug #60978 (exit code incorrect). (Laruence)
  • Fixed bug #60911 (Confusing error message when extending traits). (Stefan)
  • Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam)
  • Fixed bug #60717 (Order of traits in use statement can cause a fatal error). (Stefan)
  • Fixed bug #60573 (type hinting with "self" keyword causes weird errors). (Laruence)
  • Fixed bug #60569 (Nullbyte truncates Exception $message). (Ilia)
  • Fixed bug #52719 (array_walk_recursive crashes if third param of the function is by reference). (Nikita Popov)
  • Improve performance of set_exception_handler while doing reset (Laruence)
  • fileinfo:
  • Fix fileinfo test problems. (Anatoliy Belsky)
  • FPM:
  • Fixed bug #61430 (Transposed memset() params in sapi/fpm/fpm/fpm_shm.c). (michaelhood at gmail dot com, Ilia)
  • Ibase:
  • Fixed bug #60947 (Segmentation fault while executing ibase_db_info). (Ilia)
  • Installation:
  • Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones)
  • Intl:
  • Fixed bug #61487 (Incorrent bounds checking in grapheme_strpos). (Stas)
  • mbstring:
  • MFH mb_ereg_replace_callback() for security enhancements. (Rui)
  • mysqli:
  • Fixed bug #61003 (mysql_stat() require a valid connection). (Johannes).
  • mysqlnd:
  • Fixed bug #60948 (mysqlnd FTBFS when -Wformat-security is enabled). (Johannes)
  • Readline:
  • Fixed bug #61088 (Memory leak in readline_callback_handler_install). (Nikic, Laruence)
  • Session:
  • Fixed bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()). (Ilia)
  • SOAP:
  • Fixed bug #61423 (gzip compression fails). (Ilia)
  • Fixed bug #60887 (SoapClient ignores user_agent option and sends no User-Agent header). (carloschilazo at gmail dot com)
  • Fixed bug #60842, #51775 (Chunked response parsing error when chunksize length line is > 10 bytes). (Ilia)
  • Fixed bug #49853 (Soap Client stream context header option ignored). (Dmitry)
  • PDO:
  • Fixed bug #61292 (Segfault while calling a method on an overloaded PDO object). (Laruence)
  • PDO_mysql:
  • Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't always work). (Johannes)
  • Fixed bug #61194 (PDO should export compression flag with myslqnd). (Johannes)
  • PDO_odbc:
  • Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO). (Ilia)
  • Phar:
  • Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL bytes). (Nikita Popov)
  • Reflection:
  • Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()). (Laruence)
  • SPL:
  • Fixed bug #61453 (SplObjectStorage does not identify objects correctly). (Gustavo)
  • Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence)
  • Standard:
  • Fixed memory leak in substr_replace. (Pierrick)
  • Make max_file_uploads ini directive settable outside of php.ini (Rasmus)
  • Fixed bug #61409 (Bad formatting on phpinfo()). (Jakub Vrana)
  • Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia)
  • Fixed bug #60106 (stream_socket_server silently truncates long unix socket paths). (Ilia)
  • XMLRPC:
  • Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary variable). (Nikita Popov)
  • Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikita Popov)
  • Zlib:
  • Fixed bug #61306 (initialization of global inappropriate for ZTS). (Gustavo)
  • Fixed bug #61287 (A particular string fails to decompress). (Mike)
  • Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikita Popov)

New in PHP 5.4.1 RC 2 (April 12th, 2012)

  • Core:
  • Fixed crash in ZTS using same class in many threads. (Johannes)
  • fileinfo:
  • Fix fileinfo test problems. (Anatoliy Belsky)

New in PHP 5.4.1 RC 1 (March 22nd, 2012)

  • CLI Server:
  • Fixed bug #61461 (missing checks around malloc() calls). (Ilia)
  • Implemented FR #60850 (Built in web server does not set $_SERVER['SCRIPT_FILENAME'] when using router). (Laruence)
  • "Connection: close" instead of "Connection: closed" (Gustavo)
  • Core:
  • Fixed bug #61374 (html_entity_decode tries to decode code points that don't exist in ISO-8859-1). (Gustavo)
  • Fixed bug #61273 (call_user_func_array with more than 16333 arguments leaks / crashes). (Laruence)
  • Fixed bug #61225 (Incorrect lexing of 0b00*+). (Pierrick)
  • Fixed bug #61165 (Segfault strip_tags()). (Laruence)
  • Fixed bug #61106 (Segfault when using header_register_callback). (Nikita Popov)
  • Fixed bug #61087 (Memory leak in parse_ini_file when specifying invalid scanner mode). (Nikic, Laruence)
  • Fixed bug #61072 (Memory leak when restoring an exception handler). (Nikic, Laruence)
  • Fixed bug #61058 (array_fill leaks if start index is PHP_INT_MAX). (Laruence)
  • Fixed bug #61052 (Missing error check in trait 'insteadof' clause). (Stefan)
  • Fixed bug #61011 (Crash when an exception is thrown by __autoload accessing a static property). (Laruence)
  • Fixed bug #61000 (Exceeding max nesting level doesn't delete numerical vars). (Laruence)
  • Fixed bug #60978 (exit code incorrect). (Laruence)
  • Fixed bug #60911 (Confusing error message when extending traits). (Stefan)
  • Fixed bug #60801 (strpbrk() mishandles NUL byte). (Adam)
  • Fixed bug #60717 (Order of traits in use statement can cause a fatal error). (Stefan)
  • Fixed bug #60573 (type hinting with "self" keyword causes weird errors). (Laruence)
  • Fixed bug #60569 (Nullbyte truncates Exception $message). (Ilia)
  • Fixed bug #52719 (array_walk_recursive crashes if third param of the function is by reference). (Nikita Popov)
  • FPM:
  • Fixed bug #61430 (Transposed memset() params in sapi/fpm/fpm/fpm_shm.c). (michaelhood at gmail dot com, Ilia)
  • Ibase:
  • Fixed bug #60947 (Segmentation fault while executing ibase_db_info). (Ilia)
  • Installation:
  • Fixed bug #61172 (Add Apache 2.4 support). (Chris Jones)
  • mbstring:
  • MFH mb_ereg_replace_callback() for security enhancements. (Rui)
  • mysqli:
  • Fixed bug #61003 (mysql_stat() require a valid connection). (Johannes).
  • mysqlnd:
  • Fixed bug #60948 (mysqlnd FTBFS when -Wformat-security is enabled). (Johannes)
  • Readline:
  • Fixed bug #61088 (Memory leak in readline_callback_handler_install). (Nikic, Laruence)
  • Session:
  • Fixed bug #60634 (Segmentation fault when trying to die() in SessionHandler::write()). (Ilia)
  • SOAP:
  • Fixed bug #60887 (SoapClient ignores user_agent option and sends no User-Agent header). (carloschilazo at gmail dot com)
  • Fixed bug #60842, #51775 (Chunked response parsing error when chunksize length line is > 10 bytes). (Ilia)
  • Fixed bug #49853 (Soap Client stream context header option ignored). (Dmitry)
  • PDO:
  • Fixed bug #61292 (Segfault while calling a method on an overloaded PDO object). (Laruence)
  • PDO_mysql:
  • Fixed bug #61207 (PDO::nextRowset() after a multi-statement query doesn't always work). (Johannes)
  • Fixed bug #61194 (PDO should export compression flag with myslqnd). (Johannes)
  • PDO_odbc:
  • Fixed bug #61212 (PDO ODBC Segfaults on SQL_SUCESS_WITH_INFO). (Ilia)
  • Phar:
  • Fixed bug #61184 (Phar::webPhar() generates headers with trailing NUL bytes). (Nikita Popov)
  • Reflection:
  • Fixed bug #60968 (Late static binding doesn't work with ReflectionMethod::invokeArgs()). (Laruence)
  • SPL:
  • Fixed bug #61453 (SplObjectStorage does not identify objects correctly). (Gustavo)
  • Fixed bug #61347 (inconsistent isset behavior of Arrayobject). (Laruence)
  • Standard:
  • Fixed memory leak in substr_replace. (Pierrick)
  • Make max_file_uploads ini directive settable outside of php.ini (Rasmus)
  • Fixed bug #61409 (Bad formatting on phpinfo()). (Jakub Vrana)
  • Fixed bug #60222 (time_nanosleep() does validate input params). (Ilia)
  • Fixed bug #60106 (stream_socket_server silently truncates long unix socket paths). (Ilia)
  • XMLRPC:
  • Fixed bug #61264 (xmlrpc_parse_method_descriptions leaks temporary variable). (Nikita Popov)
  • Fixed bug #61097 (Memory leak in xmlrpc functions copying zvals). (Nikita Popov)
  • Zlib:
  • Fixed bug #61306 (initialization of global inappropriate for ZTS). (Gustavo)
  • Fixed bug #61287 (A particular string fails to decompress). (Mike)
  • Fixed bug #61139 (gzopen leaks when specifying invalid mode). (Nikita Popov)

New in PHP 5.4.0 (March 1st, 2012)

  • autoconf 2.59+ is now supported (and required) for generating the configure script with ./buildconf. Autoconf 2.60+ is desirable otherwise the configure help order may be incorrect. (Rasmus, Chris Jones)
  • Removed legacy features:
  • break/continue $var syntax. (Dmitry)
  • Safe mode and all related ini options. (Kalle)
  • register_globals and register_long_arrays ini options. (Kalle)
  • import_request_variables(). (Kalle)
  • allow_call_time_pass_reference. (Pierrick)
  • define_syslog_variables ini option and its associated function. (Kalle)
  • highlight.bg ini option. (Kalle)
  • Session bug compatibility mode (session.bug_compat_42 and session.bug_compat_warn ini options). (Kalle)
  • session_is_registered(), session_register() and session_unregister() functions. (Kalle)
  • y2k_compliance ini option. (Kalle)
  • magic_quotes_gpc, magic_quotes_runtime and magic_quotes_sybase ini options. get_magic_quotes_gpc, get_magic_quotes_runtime are kept but always return false, set_magic_quotes_runtime raises an E_CORE_ERROR. (Pierrick, Pierre)
  • Removed support for putenv("TZ=..") for setting the timezone. (Derick)
  • Removed the timezone guessing algorithm in case the timezone isn't set with date.timezone or date_default_timezone_set(). Instead of a guessed timezone, "UTC" is now used instead. (Derick)
  • Moved extensions to PECL: (Johannes)
  • ext/sqlite. (Note: the ext/sqlite3 and ext/pdo_sqlite extensions are not affected)
  • General improvements:
  • Added short array syntax support ([1,2,3]), see UPGRADING guide for full details. (rsky0711 at gmail . com, sebastian.deutsch at 9elements . com, Pierre)
  • Added binary numbers format (0b001010). (Jonah dot Harris at gmail dot com)
  • Added support for Class::{expr}() syntax (Pierrick)
  • Added multibyte support by default. Previously php had to be compiled with --enable-zend-multibyte. Now it can be enabled or disabled through zend.multibyte directive in php.ini. (Dmitry)
  • Removed compile time dependency from ext/mbstring (Dmitry)
  • Added support for Traits. (Stefan)
  • Added closure $this support back. (Stas)
  • Added array dereferencing support. (Felipe)
  • Added callable typehint. (Hannes)
  • Added indirect method call through array. FR #47160. (Felipe)
  • Added DTrace support. (David Soria Parra)
  • Added class member access on instantiation (e.g. (new foo)->bar()) support. (Felipe)

New in PHP 5.4.0 RC 8 (February 17th, 2012)

  • Core:
  • Added ability to reset user opcode handlers (Yoram).
  • Improved max_input_vars directive to check nested variables (Dmitry).
  • Made ZEND_SIGNALS configurable via --enable-zend-signals, off by default (Stas).
  • Fixed bug #60965 (Buffer overflow on htmlspecialchars/entities with $double=false). (Gustavo)
  • CGI/FastCGI SAPI
  • Fixed reinitialization of SAPI callbacks after php_module_startup(). (Dmitry)

New in PHP 5.3.10 (February 6th, 2012)

  • Fixed arbitrary remote code execution vulnerability reported by Stefan Esser, CVE-2012-0830.

New in PHP 5.4.0 RC 7 (February 3rd, 2012)

  • Core:
  • Fix bug #60895 (Possible invalid handler usage in windows random functions). (Pierre)
  • Fixed bug #51860 (Include fails with toplevel symlink to /). (Dmitry)
  • Fixed (disabled) inline-caching for ZEND_OVERLOADED_FUNCTION methods. (Dmitry)
  • OpenSSL:
  • Fix possible attack in SSL sockets with SSL 3.0 / TLS 1.0. CVE-2011-3389. (Scott)
  • Session:
  • Fixed bug #60860 (session.save_handler=user without defined function core dumps). (Felipe)
  • SOAP:
  • Fixed basic HTTP authentication for WSDL sub requests. (Dmitry)

New in PHP 5.4.0 RC 6 (January 20th, 2012)

  • Core:
  • Restoring $_SERVER['REQUEST_TIME'] as a long and introducing$_SERVER['REQUEST_TIME_FLOAT'] to include microsecond precision. (Patrick)
  • Fixed bug #60768 (Output buffer not discarded) (Mike)
  • Hash:
  • Fixed bug #60221 (Tiger hash output byte order) (Mike)
  • Removed Salsa10/Salsa20, which are actually stream ciphers (Mike)
  • Pdo Firebird:
  • Fixed bug #47415 (segfaults when passing lowercased column name to bindColumn). (Mariuz)
  • Fixed bug #53280 (segfaults if query column count less than param count) (Mariuz)
  • SNMP:
  • Fixed bug #60585 (php build fails with USE flag snmp when IPv6 support is disabled). (Boris Lytochkin)
  • Fixed bug #60749 (SNMP module should not strip non-standard SNMP port from hostname). (Boris Lytochkin)

New in PHP 5.3.9 (January 11th, 2012)

  • Core:
  • Added max_input_vars directive to prevent attacks based on hash collisions (Dmitry).
  • Fixed bug #60205 (possible integer overflow in content_length). (Laruence)
  • Fixed bug #60139 (Anonymous functions create cycles not detected by the GC). (Dmitry)
  • Fixed bug #60138 (GC crash with referenced array in RecursiveArrayIterator) (Dmitry).
  • Fixed bug #60120 (proc_open's streams may hang with stdin/out/err when the data exceeds or is equal to 2048 bytes). (Pierre, Pascal Borreli)
  • Fixed bug #60099 (__halt_compiler() works in braced namespaces). (Felipe)
  • Fixed bug #60019 (Function time_nanosleep() is undefined on OS X). (Ilia)
  • Fixed bug #55874 (GCC does not provide __sync_fetch_and_add on some archs). (klightspeed at netspace dot net dot au)
  • Fixed bug #55798 (serialize followed by unserialize with numeric object prop. gives integer prop). (Gustavo)
  • Fixed bug #55749 (TOCTOU issue in getenv() on Windows builds). (Pierre)
  • Fixed bug #55707 (undefined reference to `__sync_fetch_and_add_4' on Linux parisc). (Felipe)
  • Fixed bug #55674 (fgetcsv & str_getcsv skip empty fields in some tab-separated records). (Laruence)
  • Fixed bug #55649 (Undefined function Bug()). (Laruence)
  • Fixed bug #55622 (memory corruption in parse_ini_string). (Pierre)
  • Fixed bug #55576 (Cannot conditionally move uploaded file without race condition). (Gustavo)
  • Fixed bug #55510: $_FILES 'name' missing first character after upload. (Arpad)
  • Fixed bug #55509 (segfault on x86_64 using more than 2G memory). (Laruence)
  • Fixed bug #55504 (Content-Type header is not parsed correctly on HTTP POST request). (Hannes)
  • Fixed bug #55475 (is_a() triggers autoloader, new optional 3rd argument to is_a and is_subclass_of). (alan_k)
  • Fixed bug #52461 (Incomplete doctype and missing xmlns). (virsacer at web dot de, Pierre)
  • Fixed bug #55366 (keys lost when using substr_replace an array). (Arpad)
  • Fixed bug #55273 (base64_decode() with strict rejects whitespace after pad). (Ilia)
  • Fixed bug #52624 (tempnam() by-pass open_basedir with nonnexistent directory). (Felipe)
  • Fixed bug #50982 (incorrect assumption of PAGE_SIZE size). (Dmitry)
  • Fixed invalid free in call_user_method() function. (Felipe)
  • Fixed bug #43200 (Interface implementation / inheritence not possible in abstract classes). (Felipe)
  • BCmath:
  • Fixed bug #60377 (bcscale related crashes on 64bits platforms). (shm)
  • Calendar:
  • Fixed bug #55797 (Integer overflow in SdnToGregorian leads to segfault (in optimized builds). (Gustavo)
  • cURL:
  • Fixed bug #60439 (curl_copy_handle segfault when used with CURLOPT_PROGRESSFUNCTION). (Pierrick)
  • Fixed bug #54798 (Segfault when CURLOPT_STDERR file pointer is closed before calling curl_exec). (Hannes)
  • Fixed issues were curl_copy_handle() would sometimes lose copied preferences. (Hannes)
  • DateTime:
  • Fixed bug #60373 (Startup errors with log_errors on cause segfault). (Derick)
  • Fixed bug #60236 (TLA timezone dates are not converted properly from timestamp). (Derick)
  • Fixed bug #55253 (DateTime::add() and sub() result -1 hour on objects with time zone type 2). (Derick)
  • Fixed bug #54851 (DateTime::createFromFormat() doesn't interpret "D"). (Derick)
  • Fixed bug #53502 (strtotime with timezone memory leak). (Derick)
  • Fixed bug #52062 (large timestamps with DateTime::getTimestamp and DateTime::setTimestamp). (Derick)
  • Fixed bug #51994 (date_parse_from_format is parsing invalid date using 'yz' format). (Derick)
  • Fixed bug #52113 (Seg fault while creating (by unserialization) DatePeriod). (Derick)
  • Fixed bug #48476 (cloning extended DateTime class without calling parent::__constr crashed PHP). (Hannes)
  • EXIF:
  • Fixed bug #60150 (Integer overflow during the parsing of invalid exif header). (Stas, flolechaud at gmail dot com)
  • Fileinfo:
  • Fixed bug #60094 (C++ comment fails in c89). (Laruence)
  • Fixed possible memory leak in finfo_open(). (Felipe)
  • Fixed memory leak when calling the Finfo constructor twice. (Felipe)
  • Filter:
  • Fixed Bug #55478 (FILTER_VALIDATE_EMAIL fails with internationalized domain name addresses containing >1 -). (Ilia)
  • FTP:
  • Fixed bug #60183 (out of sync ftp responses). (bram at ebskamp dot me, rasmus)
  • Gd:
  • Fixed bug #60160 (imagefill() doesn't work correctly for small images). (Florian)
  • Intl:
  • Fixed bug #60192 (SegFault when Collator not constructed properly). (Florian)
  • Fixed memory leak in several Intl locale functions. (Felipe)
  • JSON:
  • Fixed bug #55543 (json_encode() with JSON_NUMERIC_CHECK fails on objects with numeric string properties). (Ilia, dchurch at sciencelogic dot com)
  • mbstring:
  • Fixed possible crash in mb_ereg_search_init() using empty pattern. (Felipe)
  • MS SQL:
  • Fixed bug #60267 (Compile failure with freetds 0.91). (Felipe)
  • MySQL:
  • Fixed bug #55550 (mysql.trace_mode miscounts result sets). (Johannes)
  • MySQLi extension:
  • Fixed bug #55859 (mysqli->stat property access gives error). (Andrey)
  • Fixed bug #55582 (mysqli_num_rows() returns always 0 for unbuffered, when mysqlnd is used). (Andrey)
  • Fixed bug #55703 (PHP crash when calling mysqli_fetch_fields). (eran at zend dot com, Laruence)
  • mysqlnd:
  • Fixed bug #55609 (mysqlnd cannot be built shared). (Johannes)
  • Fixed bug #55067 (MySQL doesn't support compression - wrong config option). (Andrey)
  • NSAPI SAPI:
  • Don't set $_SERVER['HTTPS'] on unsecure connection (bug #55403). (Uwe Schindler)
  • OpenSSL:
  • Fixed bug #60279 (Fixed NULL pointer dereference in stream_socket_enable_crypto, case when ssl_handle of session_stream is not initialized.) (shm)
  • Fix segfault with older versions of OpenSSL. (Scott)
  • Oracle Database extension (OCI8):
  • Fixed bug #59985 (show normal warning text for OCI_NO_DATA). (Chris Jones)
  • Increased maximum Oracle error message buffer length for new 11.2.0.3 size. (Chris Jones)
  • Improve internal initalization failure error messages. (Chris Jones)
  • PDO
  • Fixed bug #55776 (PDORow to session bug). (Johannes)
  • PDO Firebird:
  • Fixed bug #48877 ("bindValue" and "bindParam" do not work for PDO Firebird). (Mariuz)
  • Fixed bug #47415 (PDO_Firebird segfaults when passing lowercased column name to bindColumn).
  • Fixed bug #53280 (PDO_Firebird segfaults if query column count less than param count). (Mariuz)
  • PDO MySQL driver:
  • Fixed bug #60155 (pdo_mysql.default_socket ignored). (Johannes)
  • Fixed bug #55870 (PDO ignores all SSL parameters when used with mysql native driver). (Pierre)
  • Fixed bug #54158 (MYSQLND+PDO MySQL requires #define MYSQL_OPT_LOCAL_INFILE). (Andrey)
  • PDO OCI driver:
  • Fixed bug #55768 (PDO_OCI can't resume Oracle session after it's been killed). (mikhail dot v dot gavrilov at gmail dot com, Chris Jones, Tony)
  • Phar:
  • Fixed bug #60261 (NULL pointer dereference in phar). (Felipe)
  • Fixed bug #60164 (Stubs of a specific length break phar_open_from_fp scanning for __HALT_COMPILER). (Ralph Schindler)
  • Fixed bug #53872 (internal corruption of phar). (Hannes)
  • Fixed bug #52013 (Unable to decompress files in a compressed phar). (Hannes)
  • PHP-FPM SAPI:
  • Fixed bug #60659 (FPM does not clear auth_user on request accept). (bonbons at linux-vserver dot org)
  • Fixed bug #60629 (memory corruption when web server closed the fcgi fd). (fat)
  • Fixed bug #60179 (php_flag and php_value does not work properly). (fat)
  • Fixed bug #55526 (Heartbeat causes a lot of unnecessary events). (fat)
  • Fixed bug #55533 (The -d parameter doesn't work). (fat)
  • Implemented FR #52569 (Add the "ondemand" process-manager to allow zero children). (fat)
  • Fixed bug #55486 (status show BIG processes number). (fat)
  • Fixed bug #55577 (status.html does not install). (fat)
  • Backported from 5.4 branch (Dropped restriction of not setting the same value multiple times, the last one holds). (giovanni at giacobbi dot net, fat)
  • Backported FR #55166 from 5.4 branch (Added process.max to control the number of process FPM can fork). (fat)
  • Backported FR #55181 from 5.4 branch (Enhance security by limiting access to user defined extensions). (fat)
  • Backported FR #54098 from 5.4 branch (Lowered process manager default value). (fat)
  • Backported FR #52052 from 5.4 branch (Added partial syslog support). (fat)
  • Implemented FR #54577 (Enhanced status page with full status and details about each processes. Also provide a web page (status.html) for real-time FPM status. (fat)
  • Enhance error log when the primary script can't be open. FR #60199. (fat)
  • Added .phar to default authorized extensions. (fat)
  • Postgres:
  • Fixed bug #60244 (pg_fetch_* functions do not validate that row param is >0). (Ilia)
  • Reflection:
  • Fixed bug #60367 (Reflection and Late Static Binding). (Laruence)
  • Session:
  • Fixed bug #55267 (session_regenerate_id fails after header sent). (Hannes)
  • SimpleXML:
  • Reverted the SimpleXML->query() behaviour to returning empty arrays instead of false when no nodes are found as it was since 5.3.3 (bug #48601). (chregu, rrichards)
  • SOAP:
  • Fixed bug #54911 (Access to a undefined member in inherit SoapClient may cause Segmentation Fault). (Dmitry)
  • Fixed bug #48216 (PHP Fatal error: SOAP-ERROR: Parsing WSDL: Extra content at the end of the doc, when server uses chunked transfer encoding with spaces after chunk size). (Dmitry)
  • Fixed bug #44686 (SOAP-ERROR: Parsing WSDL with references). (Dmitry)
  • Sockets:
  • Fixed bug #60048 (sa_len a #define on IRIX). (china at thewrittenword dot com)
  • SPL:
  • Fixed bug #60082 (Crash in ArrayObject() when using recursive references). (Tony)
  • Fixed bug #55807 (Wrong value for splFileObject::SKIP_EMPTY). (jgotti at modedemploi dot fr, Hannes)
  • Fixed bug #54304 (RegexIterator::accept() doesn't work with scalar values). (Hannes)
  • Streams:
  • Fixed bug #60455 (stream_get_line misbehaves if EOF is not detected together with the last read). (Gustavo)
  • Tidy:
  • Fixed bug #54682 (Tidy::diagnose() NULL pointer dereference). (Maksymilian Arciemowicz, Felipe)
  • XSL:
  • Added xsl.security_prefs ini option to define forbidden operations within XSLT stylesheets, default is not to enable write operations. This option won't be in 5.4, since there's a new method. Fixes Bug #54446. (Chregu, Nicolas Gregoire)

New in PHP 5.4.0 RC 5 (January 6th, 2012)

  • Core:
  • Fixed bug #60613 (Segmentation fault with $cls->{expr}() syntax) (Dmitry)
  • Fixed bug #60611 (Segmentation fault with Cls::{expr}() syntax) (Laruence)
  • Fixed bug #55871 (Interruption in substr_replace()) (Stas)
  • Fixed bug #60627 (httpd.worker segfault on startup with php_value) (Laruence)
  • SAPI:
  • Fixed bug #55500 (Corrupted $_FILES indices lead to security concern) (Stas)
  • Fixed bug #54374 (Insufficient validating of upload name leading to corrupted $_FILES indices) (Stas, lekensteyn at gmail dot com)
  • CLI SAPI:
  • Fixed bug #60591 (Memory leak when access a non-exists file) (Laruence)
  • Intl:
  • Fixed build on Fedora 15 / Ubuntu 11 (Hannes)
  • PHP-FPM SAPI:
  • Fixed bug #60629 (memory corruption when web server closed the fcgi fd) (fat)
  • Fixed bug #60659 (FPM does not clear auth_user on request accept) (bonbons at linux-vserver dot org)
  • Improved Session extension:
  • Fixed bug #60640 (invalid return values) (Arpad)
  • Implement FR #60551 (session_set_save_handler should support a core's session handler interface) (Arpad)

New in PHP 5.4.0 RC 4 (December 27th, 2011)

  • Core:
  • Added max_input_vars directive to prevent attacks based on hash collisions (Dmitry).
  • Fixed bug #60536 (Traits Segfault). (Laruence)
  • Fixed bug #60362 (non-existent sub-sub keys should not have values) (Laruence, alan_k, Stas)
  • Fixed bug #60558 (Invalid read and writes). (Laruence)
  • CLI SAPI:
  • Fixed bug #60477 (Segfault after two multipart/form-data POST requests, one 200 RQ and one 404). (Laruence)
  • Fixed bug #60523 (PHP Errors are not reported in browsers using built-in SAPI). (Laruence, Derick)
  • OpenSSL:
  • Fix segfault with older versions of OpenSSL. (Scott)
  • Pdo Firebird:
  • Fixed bug #48877 ("bindValue" and "bindParam" do not work for PDO Firebird) (Mariuz)

New in PHP 5.4.0 RC 3 (December 9th, 2011)

  • Core:
  • Fixed bug #60350 (No string escape code for ESC (ascii 27), normally \e). (php at mickweiss dot com)
  • Fixed bug #60240 (invalid read/writes when unserializing specially crafted strings). (Mike)
  • Implement FR #54514 (Get php binary path during script execution). (Laruence)
  • CLI SAPI:
  • Implement FR #60390 (Missing $_SERVER['SERVER_PORT']). (Pierre)
  • cURL:
  • Fixed bug #60439 (curl_copy_handle segfault when used with CURLOPT_PROGRESSFUNCTION). (Pierrick)
  • Intl:
  • Added support for UTS #46. (Gustavo)
  • OpenSSL:
  • On error in openssl_random_pseudo_bytes() make sure we set strong result to false. (Scott)
  • Reflection:
  • Fixed bug #60367 (Reflection and Late Static Binding). (Laruence)

New in PHP 5.4.0 Beta 2 (October 31st, 2011)

  • Includes new language features and removes several legacy (deprecated) behaviors

New in PHP 5.3.8 (August 24th, 2011)

  • Core: Fixed bug #55439 (crypt() returns only the salt for MD5). (Stas)
  • OpenSSL: Reverted a change in timeout handling restoring PHP 5.3.6 behavior, as the new behavior caused mysqlnd SSL connections to hang ( Bug #55283). (Pierre, Andrey, Johannes)

New in PHP 5.3.6 (March 18th, 2011)

  • Upgraded bundled Sqlite3 to version 3.7.4. (Ilia)
  • Upgraded bundled PCRE to version 8.11. (Ilia)
  • Zend Engine:
  • Indirect reference to $this fails to resolve if direct $this is never used in method. (Scott)
  • Fixed bug numerous crashes due to setlocale (crash on error, pcre, mysql etc.) on Windows in thread safe mode. (Pierre)
  • Added options to debug backtrace functions. (Stas)
  • Fixed bug #53971 (isset() and empty() produce apparently spurious runtime error). (Dmitry)
  • Fixed bug #53958 (Closures can't 'use' shared variables by value and by reference). (Dmitry)
  • Fixed bug #53629 (memory leak inside highlight_string()). (Hannes, Ilia)
  • Fixed bug #51458 (Lack of error context with nested exceptions). (Stas)
  • Fixed bug #47143 (Throwing an exception in a destructor causes a fatal error). (Stas)
  • Fixed bug #43512 (same parameter name can be used multiple times in method/function definition). (Felipe)
  • Core:
  • Added ability to connect to HTTPS sites through proxy with basic authentication using stream_context/http/header/Proxy-Authorization (Dmitry)
  • Changed default value of ini directive serialize_precision from 100 to 17. (Gustavo)
  • Fixed bug #54055 (buffer overrun with high values for precision ini setting). (Gustavo)
  • Fixed bug #53959 (reflection data for fgetcsv out-of-date). (Richard)
  • Fixed bug #53577 (Regression introduced in 5.3.4 in open_basedir with a trailing forward slash). (lekensteyn at gmail dot com, Pierre)
  • Fixed bug #53682 (Fix compile on the VAX). (Rasmus, jklos)
  • Fixed bug #48484 (array_product() always returns 0 for an empty array). (Ilia)
  • Fixed bug #48607 (fwrite() doesn't check reply from ftp server before exiting). (Ilia)
  • Calendar extension:
  • Fixed bug #53574 (Integer overflow in SdnToJulian, sometimes leading to segfault). (Gustavo)
  • DOM extension:
  • Implemented FR #39771 (Made DOMDocument::saveHTML accept an optional DOMNode like DOMDocument::saveXML). (Gustavo)
  • DateTime extension:
  • Fixed a bug in DateTime->modify() where absolute date/time statements had no effect. (Derick)
  • Fixed bug #53729 (DatePeriod fails to initialize recurrences on 64bit big-endian systems). (Derick, [email protected])
  • Fixed bug #52808 (Segfault when specifying interval as two dates). (Stas)
  • Fixed bug #52738 (Can't use new properties in class extended from DateInterval). (Stas)
  • Fixed bug #52290 (setDate, setISODate, setTime works wrong when DateTime created from timestamp). (Stas)
  • Fixed bug #52063 (DateTime constructor's second argument doesn't have a null default value). (Gustavo, Stas)
  • Exif extension:
  • Fixed bug #54002 (crash on crafted tag, reported by Luca Carettoni). (Pierre) (CVE-2011-0708)
  • Filter extension:
  • Fixed bug #53924 (FILTER_VALIDATE_URL doesn't validate port number). (Ilia, Gustavo)
  • Fixed bug #53150 (FILTER_FLAG_NO_RES_RANGE is missing some IP ranges). (Ilia)
  • Fixed bug #52209 (INPUT_ENV returns NULL for set variables (CLI)). (Ilia)
  • Fixed bug #47435 (FILTER_FLAG_NO_RES_RANGE don't work with ipv6). (Ilia, valli at icsurselva dot ch)
  • Fileinfo extension:
  • Fixed bug #54016 (finfo_file() Cannot determine filetype in archives). (Hannes)
  • Gettext
  • Fixed bug #53837 (_() crashes on Windows when no LANG or LANGUAGE environment variable are set). (Pierre)
  • IMAP extension:
  • Implemented FR #53812 (get MIME headers of the part of the email). (Stas)
  • Fixed bug #53377 (imap_mime_header_decode() doesn't ignore \t during long MIME header unfolding). (Adam)
  • Intl extension:
  • Fixed bug #53612 (Segmentation fault when using cloned several intl objects). (Gustavo)
  • Fixed bug #53512 (NumberFormatter::setSymbol crash on bogus $attr values). (Felipe)
  • Implemented clone functionality for number, date & message formatters. (Stas).
  • JSON extension:
  • Fixed bug #53963 (Ensure error_code is always set during some failed decodings). (Scott)
  • mysqlnd
  • Fixed problem with always returning 0 as num_rows for unbuffered sets. (Andrey, Ulf)
  • MySQL Improved extension:
  • Added 'db' and 'catalog' keys to the field fetching functions (FR #39847). (Kalle)
  • Fixed buggy counting of affected rows when using the text protocol. The collected statistics were wrong when multi_query was used with mysqlnd (Andrey)
  • Fixed bug #53795 (Connect Error from MySqli (mysqlnd) when using SSL). (Kalle)
  • Fixed bug #53503 (mysqli::query returns false after successful LOAD DATA query). (Kalle, Andrey)
  • Fixed bug #53425 (mysqli_real_connect() ignores client flags when built to call libmysql). (Kalle, tre-php-net at crushedhat dot com)
  • OpenSSL extension:
  • Fixed stream_socket_enable_crypto() not honoring the socket timeout in server mode. (Gustavo)
  • Fixed bug #54060 (Memory leaks when openssl_encrypt). (Pierre)
  • Fixed bug #54061 (Memory leaks when openssl_decrypt). (Pierre)
  • Fixed bug #53592 (stream_socket_enable_crypto() busy-waits in client mode). (Gustavo)
  • Implemented FR #53447 (Cannot disable SessionTicket extension for servers that do not support it) by adding a no_ticket SSL context option. (Adam, Tony)
  • PDO MySQL driver:
  • Fixed bug #53551 (PDOStatement execute segfaults for pdo_mysql driver). (Johannes)
  • Implemented FR #47802 (Support for setting character sets in DSN strings). (Kalle)
  • PDO Oracle driver:
  • Fixed bug #39199 (Cannot load Lob data with more than 4000 bytes on ORACLE 10). (spatar at mail dot nnov dot ru)
  • PDO PostgreSQL driver:
  • Fixed bug #53517 (segfault in pgsql_stmt_execute() when postgres is down). (gyp at balabit dot hu)
  • Phar extension:
  • Fixed bug #54247 (format-string vulnerability on Phar). (Felipe) (CVE-2011-1153)
  • Fixed bug #53541 (format string bug in ext/phar). (crrodriguez at opensuse dot org, Ilia)
  • Fixed bug #53898 (PHAR reports invalid error message, when the directory does not exist). (Ilia)
  • PHP-FPM SAPI:
  • Enforce security in the fastcgi protocol parsing. (ef-lists at email dotde)
  • Fixed bug #53777 (php-fpm log format now match php_error log format). (fat)
  • Fixed bug #53527 (php-fpm --test doesn't set a valuable return value). (fat)
  • Fixed bug #53434 (php-fpm slowlog now also logs the original request). (fat)
  • Readline extension:
  • Fixed bug #53630 (Fixed parameter handling inside readline() function). (jo at feuersee dot de, Ilia)
  • Reflection extension:
  • Fixed bug #53915 (ReflectionClass::getConstant(s) emits fatal error on constants with self::). (Gustavo)
  • Shmop extension:
  • Fixed bug #54193 (Integer overflow in shmop_read()). (Felipe) Reported by Jose Carlos Norte (CVE-2011-1092)
  • SNMP extension:
  • Fixed bug #51336 (snmprealwalk (snmp v1) does not handle end of OID tree correctly). (Boris Lytochkin)
  • SOAP extension:
  • Fixed possible crash introduced by the NULL poisoning patch. (Mateusz Kocielski, Pierre)
  • SPL extension:
  • Fixed memory leak in DirectoryIterator::getExtension() and SplFileInfo::getExtension(). (Felipe)
  • Fixed bug #53914 (SPL assumes HAVE_GLOB is defined). (Chris Jones)
  • Fixed bug #53515 (property_exists incorrect on ArrayObject null and 0 values). (Felipe)
  • Added SplFileInfo::getExtension(). FR #48767. (Peter Cowburn)
  • SQLite3 extension:
  • Fixed memory leaked introduced by the NULL poisoning patch. (Mateusz Kocielski, Pierre)
  • Fixed memory leak on SQLite3Result and SQLite3Stmt when assigning to a reference. (Felipe)
  • Add SQlite3_Stmt::readonly() for checking if a statement is read only. (Scott)
  • Implemented FR #53466 (SQLite3Result::columnType() should return false after all of the rows have been fetched). (Scott)
  • Streams:
  • Fixed bug #54092 (Segmentation fault when using HTTP proxy with the FTP wrapper). (Gustavo)
  • Fixed bug #53913 (Streams functions assume HAVE_GLOB is defined). (Chris Jones)
  • Fixed bug #53903 (userspace stream stat callback does not separate the elements of the returned array before converting them). (Gustavo)
  • Implemented FR #26158 (open arbitrary file descriptor with fopen). (Gustavo)
  • Tokenizer Extension
  • Fixed bug #54089 (token_get_all() does not stop after __halt_compiler). (Ilia)
  • XSL extension:
  • Fixed memory leaked introduced by the NULL poisoning patch. (Mateusz Kocielski, Pierre)
  • Zip extension:
  • Added the filename into the return value of stream_get_meta_data(). (Hannes)
  • Fixed bug #53923 (Zip functions assume HAVE_GLOB is defined). (Adam)
  • Fixed bug #53893 (Wrong return value for ZipArchive::extractTo()). (Pierre)
  • Fixed bug #53885 (ZipArchive segfault with FL_UNCHANGED on empty archive). (Stas, Maksymilian Arciemowicz). (CVE-2011-0421)
  • Fixed bug #53854 (Missing constants for compression type). (Richard, Adam)
  • Fixed bug #53603 (ZipArchive should quiet stat errors). (brad dot froehle at gmail dot com, Gustavo)
  • Fixed bug #53579 (stream_get_contents() segfaults on ziparchive streams). (Hannes)
  • Fixed bug #53568 (swapped memset arguments in struct initialization). (crrodriguez at opensuse dot org)
  • Fixed bug #53166 (Missing parameters in docs and reflection definition). (Richard)
  • Fixed bug #49072 (feof never returns true for damaged file in zip). (Gustavo, Richard Quadling)

New in PHP 5.3.3 (July 27th, 2010)

  • Security Enhancements and Fixes:
  • Rewrote var_export() to use smart_str rather than output buffering, prevents data disclosure if a fatal error occurs (CVE-2010-2531).
  • Fixed a possible resource destruction issues in shm_put_var().
  • Fixed a possible information leak because of interruption of XOR operator.
  • Fixed a possible memory corruption because of unexpected call-time pass by refernce and following memory clobbering through callbacks.
  • Fixed a possible memory corruption in ArrayObject::uasort().
  • Fixed a possible memory corruption in parse_str().
  • Fixed a possible memory corruption in pack().
  • Fixed a possible memory corruption in substr_replace().
  • Fixed a possible memory corruption in addcslashes().
  • Fixed a possible stack exhaustion inside fnmatch().
  • Fixed a possible dechunking filter buffer overflow.
  • Fixed a possible arbitrary memory access inside sqlite extension.
  • Fixed string format validation inside phar extension.
  • Fixed handling of session variable serialization on certain prefix characters.
  • Fixed a NULL pointer dereference when processing invalid XML-RPC requests (Fixes CVE-2010-0397, bug #51288).
  • Fixed SplObjectStorage unserialization problems (CVE-2010-2225).
  • Fixed possible buffer overflows in mysqlnd_list_fields, mysqlnd_change_user.
  • Fixed possible buffer overflows when handling error packets in mysqlnd.
  • Key enhancements:
  • Upgraded bundled sqlite to version 3.6.23.1.
  • Upgraded bundled PCRE to version 8.02.
  • Added FastCGI Process Manager (FPM) SAPI.
  • Added stream filter support to mcrypt extension.
  • Added full_special_chars filter to ext/filter.
  • Fixed a possible crash because of recursive GC invocation.
  • Fixed bug #52238 (Crash when an Exception occured in iterator_to_array).
  • Fixed bug #52041 (Memory leak when writing on uninitialized variable returned from function).
  • Fixed bug #52060 (Memory leak when passing a closure to method_exists()).
  • Fixed bug #52001 (Memory allocation problems after using variable variables).
  • Fixed bug #51723 (Content-length header is limited to 32bit integer with Apache2 on Windows).
  • Fixed bug #48930 (__COMPILER_HALT_OFFSET__ incorrect in PHP >= 5.3).

New in PHP 5.3.2 (March 6th, 2010)

  • Security Fixes:
  • Improved LCG entropy. (Rasmus, Samy Kamkar)
  • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
  • Fixed a possible open_basedir/safe_mode bypass in the session extension identified by Grzegorz Stachowiak. (Ilia)
  • Upgraded bundled sqlite to version 3.6.22. (Ilia)
  • Upgraded bundled libmagic to version 5.03. (Mikko)
  • Upgraded bundled PCRE to version 8.00. (Scott)
  • Updated timezone database to version 2010.3. (Derick)
  • Improved LCG entropy. (Rasmus, Samy Kamkar)
  • Improved crypt support for edge cases (UFC compatibility). (Solar Designer, Joey, Pierre)
  • Changed gmp_strval() to use full range from 2 to 62, and -2 to -36. FR #50283 (David Soria Parra)
  • Changed "post_max_size" php.ini directive to allow unlimited post size by setting it to 0. (Rasmus)
  • Changed tidyNode class to disallow manual node creation. (Pierrick)
  • Removed automatic file descriptor unlocking happening on shutdown and/or stream close (on all OSes). (Tony, Ilia)
  • Added libpng 1.4.0 support. (Pierre)
  • Added support for DISABLE_AUTHENTICATOR for imap_open. (Pierre)
  • Added missing host validation for HTTP urls inside FILTER_VALIDATE_URL. (Ilia)
  • Added stream_resolve_include_path(). (Mikko)
  • Added INTERNALDATE support to imap_append. (nick at mailtrust dot com)
  • Added support for SHA-256 and SHA-512 to php's crypt. (Pierre)
  • Added realpath_cache_size() and realpath_cache_get() functions. (Stas)
  • Added FILTER_FLAG_STRIP_BACKTICK option to the filter extension. (Ilia)
  • Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check. (Stas)
  • Added LIBXML_PARSEHUGE constant to override the maximum text size of a single text node when using libxml2.7.3+. (Kalle)
  • Added ReflectionMethod::setAccessible() for invoking non-public methods through the Reflection API. (Sebastian)
  • Added Collator::getSortKey for intl extension. (Stas)
  • Added support for CURLOPT_POSTREDIR. FR #49571. (Sriram Natarajan)
  • Added support for CURLOPT_CERTINFO. FR #49253. (Linus Nielsen Feltzing )
  • Added client-side server name indication support in openssl. (Arnaud)
  • Improved fix for bug #50006 (Segfault caused by uksort()). (Stas)
  • Fixed mysqlnd hang when queries exactly 16777214 bytes long are sent. (Andrey)
  • Fixed incorrect decoding of 5-byte BIT sequences in mysqlnd. (Andrey)
  • Fixed error_log() to be binary safe when using message_type 3. (Jani)
  • Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan)
  • Fixed memory leak in extension loading when an error occurs on Windows. (Pierre)
  • Fixed safe_mode validation inside tempnam() when the directory path does not end with a /). (Martin Jansen)
  • Fixed a possible open_basedir/safe_mode bypass in session extension identified by Grzegorz Stachowiak. (Ilia)
  • Fixed possible crash when a error/warning is raised during php startup. (Pierre)
  • Fixed possible bad behavior of rename on windows when used with symbolic links or invalid paths. (Pierre)
  • Fixed error output to stderr on Windows. (Pierre)
  • Fixed memory leaks in is_writable/readable/etc on Windows. (Pierre)
  • Fixed memory leaks in the ACL function on Windows. (Pierre)
  • Fixed memory leak in the realpath cache on Windows. (Pierre)
  • Fixed memory leak in zip_close. (Pierre)
  • Fixed crypt's blowfish sanity check of the "setting" string, to reject iteration counts encoded as 36 through 39. (Solar Designer, Joey, Pierre)
  • Fixed bug #51059 (crypt crashes when invalid salt are given). (Pierre)
  • Fixed bug #50952 (allow underscore _ in constants parsed in php.ini files). (Jani)
  • Fixed bug #50940 (Custom content-length set incorrectly in Apache SAPIs). (Brian France, Rasmus)
  • Fixed bug #50930 (Wrong date by php_date.c patch with ancient gcc/glibc versions). (Derick)
  • Fixed bug #50907 (X-PHP-Originating-Script adding two new lines in *NIX). (Ilia)
  • Fixed bug #50859 (build fails with openssl 1.0 due to md2 deprecation). (Ilia, hanno at hboeck dot de)
  • Fixed bug #50847 (strip_tags() removes all tags greater then 1023 bytes long). (Ilia)
  • Fixed bug #50829 (php.ini directive pdo_mysql.default_socket is ignored). (Ilia)
  • Fixed bug #50832 (HTTP fopen wrapper does not support passwordless HTTP authentication). (Jani)
  • Fixed bug #50787 (stream_set_write_buffer() has no effect on socket streams). (vnegrier at optilian dot com, Ilia)
  • Fixed bug #50761 (system.multiCall crashes in xmlrpc extension). (hiroaki dot kawai at gmail dot com, Ilia)
  • Fixed bug #50756 (CURLOPT_FTP_SKIP_PASV_IP does not exist). (Sriram)
  • Fixed bug #50732 (exec() adds single byte twice to $output array). (Ilia)
  • Fixed bug #50728 (All PDOExceptions hardcode 'code' property to 0). (Joey, Ilia)
  • Fixed bug #50723 (Bug in garbage collector causes crash). (Dmitry)
  • Fixed bug #50690 (putenv does not set ENV when the value is only one char). (Pierre)
  • Fixed bug #50680 (strtotime() does not support eighth ordinal number). (Ilia)
  • Fixed bug #50661 (DOMDocument::loadXML does not allow UTF-16). (Rob)
  • Fixed bug #50657 (copy() with an empty (zero-byte) HTTP source succeeds but returns false). (Ilia)
  • Fixed bug #50632 (filter_input() does not return default value if the variable does not exist). (Ilia)
  • Fixed bug #50576 (XML_OPTION_SKIP_TAGSTART option has no effect). (Pierrick)
  • Fixed bug #50558 (Broken object model when extending tidy). (Pierrick)
  • Fixed bug #50540 (Crash while running ldap_next_reference test cases). (Sriram)
  • Fixed bug #50519 (segfault in garbage collection when using set_error_handler and DomDocument). (Dmitry)
  • Fixed bug #50508 (compile failure: Conflicting HEADER type declarations). (Jani)
  • Fixed bug #50496 (Use of is valid only in a c99 compilation environment. (Sriram)
  • Fixed bug #50464 (declare encoding doesn't work within an included file). (Felipe)
  • Fixed bug #50458 (PDO::FETCH_FUNC fails with Closures). (Felipe, Pierrick)
  • Fixed bug #50445 (PDO-ODBC stored procedure call from Solaris 64-bit causes seg fault). (davbrown4 at yahoo dot com, Felipe)
  • Fixed bug #50416 (PROCEDURE db.myproc can't return a result set in the given context). (Andrey)
  • Fixed bug #50394 (Reference argument converted to value in __call). (Stas)
  • Fixed bug #50351 (performance regression handling objects, ten times slowerin 5.3 than in 5.2). (Dmitry)
  • Fixed bug #50392 (date_create_from_format() enforces 6 digits for 'u' format character). (Ilia)
  • Fixed bug #50345 (nanosleep not detected properly on some solaris versions). (Jani)
  • Fixed bug #50340 (php.ini parser does not allow spaces in ini keys). (Jani)
  • Fixed bug #50334 (crypt ignores sha512 prefix). (Pierre)
  • Fixed bug #50323 (Allow use of ; in values via ;; in PDO DSN). (Ilia, Pierrick)
  • Fixed bug #50285 (xmlrpc does not preserve keys in encoded indexed arrays). (Felipe)
  • Fixed bug #50282 (xmlrpc_encode_request() changes object into array in calling function). (Felipe)
  • Fixed bug #50267 (get_browser(null) does not use HTTP_USER_AGENT). (Jani)
  • Fixed bug #50266 (conflicting types for llabs). (Jani)
  • Fixed bug #50261 (Crash When Calling Parent Constructor with call_user_func()). (Dmitry)
  • Fixed bug #50255 (isset() and empty() silently casts array to object). (Felipe)
  • Fixed bug #50240 (pdo_mysql.default_socket in php.ini shouldn't used if it is empty). (foutrelis at gmail dot com, Ilia)
  • Fixed bug #50231 (Socket path passed using --with-mysql-sock is ignored when mysqlnd is enabled). (Jani)
  • Fixed bug #50219 (soap call Segmentation fault on a redirected url). (Pierrick)
  • Fixed bug #50212 (crash by ldap_get_option() with LDAP_OPT_NETWORK_TIMEOUT). (Ilia, shigeru_kitazaki at cybozu dot co dot jp)
  • Fixed bug #50209 (Compiling with libedit cannot find readline.h). (tcallawa at redhat dot com)
  • Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia)
  • Fixed bug #50196 (stream_copy_to_stream() produces warning when source is not file). (Stas)
  • Fixed bug #50195 (pg_copy_to() fails when table name contains schema. (Ilia)
  • Fixed bug #50185 (ldap_get_entries() return false instead of an empty array when there is no error). (Jani)
  • Fixed bug #50174 (Incorrectly matched docComment). (Felipe)
  • Fixed bug #50168 (FastCGI fails with wrong error on HEAD request to non-existant file). (Dmitry)
  • Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe)
  • Fixed bug #50159 (wrong working directory in symlinked files). (Dmitry)
  • Fixed bug #50158 (FILTER_VALIDATE_EMAIL fails with valid addresses containing = or ?). (Pierrick)
  • Fixed bug #50152 (ReflectionClass::hasProperty behaves like isset() not property_exists). (Felipe)
  • Fixed bug #50146 (property_exists: Closure object cannot have properties). (Felipe)
  • Fixed bug #50145 (crash while running bug35634.phpt). (Felipe)
  • Fixed bug #50140 (With default compilation option, php symbols are unresolved for nsapi). (Uwe Schindler)
  • Fixed bug #50087 (NSAPI performance improvements). (Uwe Schindler)
  • Fixed bug #50073 (parse_url() incorrect when ? in fragment). (Ilia)
  • Fixed bug #50023 (pdo_mysql doesn't use PHP_MYSQL_UNIX_SOCK_ADDR). (Ilia)
  • Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe)
  • Fixed bug #49990 (SNMP3 warning message about security level printed twice). (Jani)
  • Fixed bug #49985 (pdo_pgsql prepare() re-use previous aborted transaction). (ben dot pineau at gmail dot com, Ilia, Matteo)
  • Fixed bug #49938 (Phar::isBuffering() returns inverted value). (Greg)
  • Fixed bug #49936 (crash with ftp stream in php_stream_context_get_option()). (Pierrick)
  • Fixed bug #49921 (Curl post upload functions changed). (Ilia)
  • Fixed bug #49866 (Making reference on string offsets crashes PHP). (Dmitry)
  • Fixed bug #49855 (import_request_variables() always returns NULL). (Ilia, sjoerd at php dot net)
  • Fixed bug #49851, #50451 (http wrapper breaks on 1024 char long headers). (Ilia)
  • Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning). (Ilia, wmeler at wp-sa dot pl)
  • Fixed bug #49719 (ReflectionClass::hasProperty returns true for a private property in base class). (Felipe)
  • Fixed bug #49677 (ini parser crashes with apache2 and using ${something} ini variables). (Jani)
  • Fixed bug #49660 (libxml 2.7.3+ limits text nodes to 10MB). (Felipe)
  • Fixed bug #49647 (DOMUserData does not exist). (Rob)
  • Fixed bug #49600 (imageTTFText text shifted right). (Takeshi Abe)
  • Fixed bug #49585 (date_format buffer not long enough for >4 digit years). (Derick, Adam)
  • Fixed bug #49560 (oci8: using LOBs causes slow PHP shutdown). (Oracle Corp.)
  • Fixed bug #49521 (PDO fetchObject sets values before calling constructor). (Pierrick)
  • Fixed bug #49472 (Constants defined in Interfaces can be overridden). (Felipe)
  • Fixed bug #49463 (setAttributeNS fails setting default namespace). (Rob)
  • Fixed bug #49244 (Floating point NaN cause garbage characters). (Sjoerd)
  • Fixed bug #49224 (Compile error due to old DNS functions on AIX systems). (Scott)
  • Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe)
  • Fixed bug #48811 (Directives in PATH section do not get applied to subdirectories). (Patch by: ct at swin dot edu dot au)
  • Fixed bug #48590 (SoapClient does not honor max_redirects). (Sriram)
  • Fixed bug #48190 (Content-type parameter "boundary" is not case-insensitive in HTTP uploads). (Ilia)
  • Fixed bug #47848 (importNode doesn't preserve attribute namespaces). (Rob)
  • Fixed bug #47409 (extract() problem with array containing word "this"). (Ilia, chrisstocktonaz at gmail dot com)
  • Fixed bug #47281 ($php_errormsg is limited in size of characters) (Oracle Corp.)
  • Fixed bug #46478 (htmlentities() uses obsolete mapping table for character entity references). (Moriyoshi)
  • Fixed bug #45599 (strip_tags() truncates rest of string with invalid attribute). (Ilia, hradtke)
  • Fixed bug #45120 (PDOStatement->execute() returns true then false for same statement). (Pierrick)
  • Fixed bug #44827 (define() allows :: in constant names). (Ilia)
  • Fixed bug #44098 (imap_utf8() returns only capital letters). (steffen at dislabs dot de, Pierre)
  • Fixed bug #34852 (Failure in odbc_exec() using oracle-supplied odbc driver). (tim dot tassonis at trivadis dot com)

New in PHP 5.3.2 RC1 (December 23rd, 2009)

  • Upgraded bundled sqlite to version 3.6.21. (Ilia)
  • Upgraded bundled PCRE to version 8.00. (Scott)
  • Changed gmp_strval() to use full range from 2 to 62, and -2 to -36. FR #50283 (David Soria Parra)
  • Changed "post_max_size" php.ini directive to allow unlimited post size by setting it to 0. (Rasmus)
  • Added INTERNALDATE support to imap_append. (nick at mailtrust dot com)
  • Added support for SHA-256 and SHA-512 to php's crypt. (Pierre)
  • Added realpath_cache_size() and realpath_cache_get() functions. (Stas)
  • Added FILTER_FLAG_STRIP_BACKTICK option to the filter extension. (Ilia)
  • Added protection for $_SESSION from interrupt corruption and improved "session.save_path" check. (Stas)
  • Added LIBXML_PARSEHUGE constant to override the maximum text size of a single text node when using libxml2.7.3+. (Kalle)
  • Added ReflectionMethod::setAccessible() for invoking non-public methods through the Reflection API. (Sebastian)
  • Added Collator::getSortKey for intl extension. (Stas)
  • Added support for CURLOPT_POSTREDIR. FR #49571. (Sriram Natarajan)
  • Added support for CURLOPT_CERTINFO. FR #49253. (Linus Nielsen Feltzing )
  • Added client-side server name indication support in openssl. (Arnaud)
  • Improved fix for bug #50006 (Segfault caused by uksort()). (Stas)
  • Fixed mysqlnd hang when queries exactly 16777214 bytes long are sent. (Andrey)
  • Fixed incorrect decoding of 5-byte BIT sequences in mysqlnd. (Andrey)
  • Fixed error_log() to be binary safe when using message_type 3. (Jani)
  • Fixed unnecessary invocation of setitimer when timeouts have been disabled. (Arvind Srinivasan)
  • Fixed memory leak in extension loading when an error occurs on Windows. (Pierre)
  • Fixed bug #50540 (Crash while running ldap_next_reference test cases). (Sriram)
  • Fixed bug #50508 (compile failure: Conflicting HEADER type declarations). (Jani)
  • Fixed bug #50496 (Use of is valid only in a c99 compilation environment. (Sriram)
  • Fixed bug #50464 (declare encoding doesn't work within an included file). (Felipe)
  • Fixed bug #50458 (PDO::FETCH_FUNC fails with Closures). (Felipe, Pierrick)
  • Fixed bug #50445 (PDO-ODBC stored procedure call from Solaris 64-bit causes seg fault). (davbrown4 at yahoo dot com, Felipe)
  • Fixed bug #50394 (Reference argument converted to value in __call). (Stas)
  • Fixed bug #50351 (performance regression handling objects, ten times slower in 5.3 than in 5.2). (Dmitry)
  • Fixed bug #50392 (date_create_from_format() enforces 6 digits for 'u' format character). (Ilia)
  • Fixed bug #50345 (nanosleep not detected properly on some solaris versions). (Jani)
  • Fixed bug #50340 (php.ini parser does not allow spaces in ini keys). (Jani)
  • Fixed bug #50334 (crypt ignores sha512 prefix). (Pierre)
  • Fixed bug #50323 (Allow use of ; in values via ;; in PDO DSN). (Ilia, Pierrick)
  • Fixed bug #50285 (xmlrpc does not preserve keys in encoded indexed arrays). (Felipe)
  • Fixed bug #50282 (xmlrpc_encode_request() changes object into array in calling function). (Felipe)
  • Fixed bug #50267 (get_browser(null) does not use HTTP_USER_AGENT). (Jani)
  • Fixed bug #50266 (conflicting types for llabs). (Jani)
  • Fixed bug #50261 (Crash When Calling Parent Constructor with call_user_func()). (Dmitry)
  • Fixed bug #50255 (isset() and empty() silently casts array to object). (Felipe)
  • Fixed bug #50240 (pdo_mysql.default_socket in php.ini shouldn't used if it is empty). (foutrelis at gmail dot com, Ilia)
  • Fixed bug #50231 (Socket path passed using --with-mysql-sock is ignored when mysqlnd is enabled). (Jani)
  • Fixed bug #50219 (soap call Segmentation fault on a redirected url). (Pierrick)
  • Fixed bug #50212 (crash by ldap_get_option() with LDAP_OPT_NETWORK_TIMEOUT). (Ilia, shigeru_kitazaki at cybozu dot co dot jp)
  • Fixed bug #50209 (Compiling with libedit cannot find readline.h). (tcallawa at redhat dot com)
  • Fixed bug #50207 (segmentation fault when concatenating very large strings on 64bit linux). (Ilia)
  • Fixed bug #50196 (stream_copy_to_stream() produces warning when source is not file). (Stas)
  • Fixed bug #50195 (pg_copy_to() fails when table name contains schema. (Ilia)
  • Fixed bug #50185 (ldap_get_entries() return false instead of an empty array when there is no error). (Jani)
  • Fixed bug #50174 (Incorrectly matched docComment). (Felipe)
  • Fixed bug #50168 (FastCGI fails with wrong error on HEAD request to non-existant file). (Dmitry)
  • Fixed bug #50162 (Memory leak when fetching timestamp column from Oracle database). (Felipe)
  • Fixed bug #50159 (wrong working directory in symlinked files). (Dmitry)
  • Fixed bug #50158 (FILTER_VALIDATE_EMAIL fails with valid addresses containing = or ?). (Pierrick)
  • Fixed bug #50152 (ReflectionClass::hasProperty behaves like isset() not property_exists). (Felipe)
  • Fixed bug #50146 (property_exists: Closure object cannot have properties). (Felipe)
  • Fixed bug #50145 (crash while running bug35634.phpt). (Felipe)
  • Fixed bug #50140 (With default compilation option, php symbols are unresolved for nsapi). (Uwe Schindler)
  • Fixed bug #50087 (NSAPI performance improvements). (Uwe Schindler)
  • Fixed bug #50073 (parse_url() incorrect when ? in fragment). (Ilia)
  • Fixed bug #50023 (pdo_mysql doesn't use PHP_MYSQL_UNIX_SOCK_ADDR). (Ilia)
  • Fixed bug #50005 (Throwing through Reflection modified Exception object makes segmentation fault). (Felipe)
  • Fixed bug #49990 (SNMP3 warning message about security level printed twice). (Jani)
  • Fixed bug #49985 (pdo_pgsql prepare() re-use previous aborted transaction). (ben dot pineau at gmail dot com, Ilia, Matteo)
  • Fixed bug #49938 (Phar::isBuffering() returns inverted value). (Greg)
  • Fixed bug #49936 (crash with ftp stream in php_stream_context_get_option()). (Pierrick)
  • Fixed bug #49921 (Curl post upload functions changed). (Ilia)
  • Fixed bug #49866 (Making reference on string offsets crashes PHP). (Dmitry)
  • Fixed bug #49855 (import_request_variables() always returns NULL). (Ilia, sjoerd at php dot net)
  • Fixed bug #49851, #50451 (http wrapper breaks on 1024 char long headers). (Ilia)
  • Fixed bug #49800 (SimpleXML allow (un)serialize() calls without warning). (Ilia, wmeler at wp-sa dot pl)
  • Fixed bug #49719 (ReflectionClass::hasProperty returns true for a private property in base class). (Felipe)
  • Fixed bug #49677 (ini parser crashes with apache2 and using ${something} ini variables). (Jani)
  • Fixed bug #49660 (libxml 2.7.3+ limits text nodes to 10MB). (Felipe)
  • Fixed bug #49647 (DOMUserData does not exist). (Rob)
  • Fixed bug #49521 (PDO fetchObject sets values before calling constructor). (Pierrick)
  • Fixed bug #49472 (Constants defined in Interfaces can be overridden). (Felipe)
  • Fixed bug #49244 (Floating point NaN cause garbage characters). (Sjoerd)
  • Fixed bug #49224 (Compile error due to old DNS functions on AIX systems). (Scott)
  • Fixed bug #49174 (crash when extending PDOStatement and trying to set queryString property). (Felipe)
  • Fixed bug #47848 (importNode doesn't preserve attribute namespaces). (Rob)
  • Fixed bug #46478 (htmlentities() uses obsolete mapping table for character entity references). (Moriyoshi)
  • Fixed bug #45599 (strip_tags() truncates rest of string with invalid attribute). (Ilia, hradtke)
  • Fixed bug #45120 (PDOStatement->execute() returns true then false for same statement). (Pierrick)
  • Fixed bug #34852 (Failure in odbc_exec() using oracle-supplied odbc driver). (tim dot tassonis at trivadis dot com)

New in PHP 5.3.1 (December 8th, 2009)

  • Security Fixes
  • Added "max_file_uploads" INI directive, which can be set to limit the number of file uploads per-request to 20 by default, to prevent possible DOS via temporary file exhaustion. (Ilia)
  • Added missing sanity checks around exif processing. (Ilia)
  • Fixed a safe_mode bypass in tempnam(). (Rasmus)
  • Fixed a open_basedir bypass in posix_mkfifo(). (Rasmus)
  • Fixed bug #50063 (safe_mode_include_dir fails). (Johannes, christian at elmerot dot se)
  • Added error constant when json_encode() detects an invalid UTF-8 sequence. (Scott)
  • Added support for ACL on Windows for thread safe SAPI (Apache2 for example) and fix its support on NTS. (Pierre)
  • Upgraded bundled sqlite to version 3.6.19. (Scott)
  • Updated timezone database to version 2009.17 (2009q). (Derick)
  • Fixed crash in com_print_typeinfo when an invalid typelib is given. (Pierre)
  • Fixed a safe_mode bypass in tempnam() identified by Grzegorz Stachowiak. (Rasmus)
  • Fixed a open_basedir bypass in posix_mkfifo() identified by Grzegorz Stachowiak. (Rasmus)
  • Fixed certificate validation inside php_openssl_apply_verification_policy (Ryan Sleevi, Ilia)
  • Fixed crash in SQLiteDatabase::ArrayQuery() and SQLiteDatabase::SingleQuery() when calling using Reflection. (Felipe)
  • Fixed crash when instantiating PDORow and PDOStatement through Reflection. (Felipe)
  • Fixed sanity check for the color index in imagecolortransparent. (Pierre)
  • Fixed scandir/readdir when used mounted points on Windows. (Pierre)
  • Fixed zlib.deflate compress filter to actually accept level parameter. (Jani)
  • Fixed leak on error in popen/exec (and related functions) on Windows. (Pierre)
  • Fixed possible bad caching of symlinked directories in the realpath cache on Windows. (Pierre)
  • Fixed atime and mtime in stat related functions on Windows. (Pierre)
  • Fixed spl_autoload_unregister/spl_autoload_functions wrt. Closures and Functors. (Christian Seiler)
  • Fixed open_basedir circumvention for "mail.log" ini directive. (Maksymilian Arciemowicz, Stas)
  • Fixed signature generation/validation for zip archives in ext/phar. (Greg)
  • Fixed memory leak in stream_is_local(). (Felipe, Tony)
  • Fixed BC break in mime_content_type(), removes the content encoding. (Scott)
  • Changed ini file directives [PATH=](on Win32) and [HOST=](on all) to be case insensitive (garretts)
  • Restored shebang line check to CGI sapi (not checked by scanner anymore). (Jani)
  • Improve symbolic, mounted volume and junctions support for realpath on Windows. (Pierre)
  • Improved readlink on Windows, suppress ?? and use the drive syntax only. (Pierre)
  • Improved dns_get_record() AAAA support on windows. Always available when IPv6 is support is installed, format is now the same than on unix. (Pierre)
  • Improved the DNS functions on OSX to use newer APIs, also use Bind 9 API where available on other platforms. (Scott)
  • Improved shared extension loading on OSX to use the standard Unix dlopen() API. (Scott)
  • Fixed bug #50063 (safe_mode_include_dir fails). (Johannes, christian at elmerot dot se)
  • Fixed bug #50052 (Different Hashes on Windows and Linux on wrong Salt size). (Pierre)
  • Fixed bug #49910 (no support for ././@LongLink for long filenames in phar tar support). (Greg)
  • Fixed bug #49908 (throwing exception in __autoload crashes when interface is not defined). (Felipe)
  • Fixed bug #49847 (exec() fails to return data inside 2nd parameter, given output lines >4095 bytes). (Ilia)
  • Fixed bug #49809 (time_sleep_until() is not available on OpenSolaris). (Jani)
  • Fixed bug #49757 (long2ip() can return wrong value in a multi-threaded applications). (Ilia, Florian Anderiasch)
  • Fixed bug #49738 (calling mcrypt after mcrypt_generic_deinit crashes). (Sriram Natarajan)
  • Fixed bug #49732 (crashes when using fileinfo when timestamp conversion fails). (Pierre)
  • Fixed bug #49698 (Unexpected change in strnatcasecmp()). (Rasmus)
  • Fixed bug #49630 (imap_listscan function missing). (Felipe)
  • Fixed bug #49572 (use of C++ style comments causes build failure). (Sriram Natarajan)
  • Fixed bug #49531 (CURLOPT_INFILESIZE sometimes causes warning "CURLPROTO_FILE cannot be set"). (Felipe)
  • Fixed bug #49517 (cURL's CURLOPT_FILE prevents file from being deleted after fclose). (Ilia)
  • Fixed bug #49470 (FILTER_SANITIZE_EMAIL allows disallowed characters). (Ilia)
  • Fixed bug #49447 (php engine need to correctly check for socket API return status on windows). (Sriram Natarajan)
  • Fixed bug #49391 (ldap.c utilizing deprecated ldap_modify_s). (Ilia)
  • Fixed bug #49361 (wordwrap() wraps incorrectly on end of line boundaries). (Ilia, code-it at mail dot ru)
  • Fixed bug #49372 (segfault in php_curl_option_curl). (Pierre)
  • Fixed bug #49306 (inside pdo_mysql default socket settings are ignored). (Ilia)
  • Fixed bug #49289 (bcmath module doesn't compile with phpize configure). (Jani)
  • Fixed bug #49286 (php://input (php_stream_input_read) is broken). (Jani)
  • Fixed bug #49269 (Ternary operator fails on Iterator object when used inside foreach declaration). (Etienne, Dmitry)
  • Fixed bug #49236 (Missing PHP_SUBST(PDO_MYSQL_SHARED_LIBADD)). (Jani)
  • Fixed bug #49223 (Inconsistency using get_defined_constants). (Garrett)
  • Fixed bug #49193 (gdJpegGetVersionString() inside gd_compact identifies wrong type in declaration). (Ilia)
  • Fixed bug #49183 (dns_get_record does not return NAPTR records). (Pierre)
  • Fixed bug #49144 (Import of schema from different host transmits original authentication details). (Dmitry)
  • Fixed bug #49142 (crash when exception thrown from __tostring()). (David Soria Parra)
  • Fixed bug #49986 (Missing ICU DLLs on windows package). (Pierre)
  • Fixed bug #49132 (posix_times returns false without error). (phpbugs at gunnu dot us)
  • Fixed bug #49125 (Error in dba_exists C code). (jdornan at stanford dot edu)
  • Fixed bug #49122 (undefined reference to mysqlnd_stmt_next_result on compile with --with-mysqli and MySQL 6.0). (Jani)
  • Fixed bug #49108 (2nd scan_dir produces segfault). (Felipe)
  • Fixed bug #49098 (mysqli segfault on error). (Rasmus)
  • Fixed bug #49095 (proc_get_status['exitcode'] fails on win32). (Felipe)
  • Fixed bug #49092 (ReflectionFunction fails to work with functions in fully qualified namespaces). (Kalle, Jani)
  • Fixed bug #49074 (private class static fields can be modified by using reflection). (Jani)
  • Fixed bug #49072 (feof never returns true for damaged file in zip). (Pierre)
  • Fixed bug #49065 ("disable_functions" php.ini option does not work on Zend extensions). (Stas)
  • Fixed bug #49064 (--enable-session=shared does not work: undefined symbol: php_url_scanner_reset_vars). (Jani)
  • Fixed bug #49056 (parse_ini_file() regression in 5.3.0 when using non-ASCII strings as option keys). (Jani)
  • Fixed bug #49052 (context option headers freed too early when using --with-curlwrappers). (Jani)
  • Fixed bug #49047 (The function touch() fails on directories on Windows). (Pierre)
  • Fixed bug #49032 (SplFileObject::fscanf() variables passed by reference). (Jani)
  • Fixed bug #49027 (mysqli_options() doesn't work when using mysqlnd). (Andrey)
  • Fixed bug #49026 (proc_open() can bypass safe_mode_protected_env_vars restrictions). (Ilia)
  • Fixed bug #49012 (phar tar signature algorithm reports as Unknown (0) in getSignature() call). (Greg)
  • Fixed bug #49020 (phar misinterprets ustar long filename standard). (Greg)
  • Fixed bug #49018 (phar tar stores long filenames wit prefix/name reversed). (Greg)
  • Fixed bug #49014 (dechunked filter broken when serving more than 8192 bytes in a chunk). (andreas dot streichardt at globalpark dot com, Ilia)
  • Fixed bug #49000 (PHP CLI in Interactive mode (php -a) crashes when including files from function). (Stas)
  • Fixed bug #48994 (zlib.output_compression does not output HTTP headers when set to a string value). (Jani)
  • Fixed bug #48980 (Crash when compiling with pdo_firebird). (Felipe)
  • Fixed bug #48962 (cURL does not upload files with specified filename). (Ilia)
  • Fixed bug #48929 (Double
  • after HTTP headers when "header" context option is an array). (David Zülke)
  • Fixed bug #48913 (Too long error code strings in pdo_odbc driver). (naf at altlinux dot ru, Felipe)
  • Fixed bug #48912 (Namespace causes unexpected strict behaviour with extract()). (Dmitry)
  • Fixed bug #48909 (Segmentation fault in mysqli_stmt_execute()). (Andrey)
  • Fixed bug #48899 (is_callable returns true even if method does not exist in parent class). (Felipe)
  • Fixed bug #48893 (Problems compiling with Curl). (Felipe)
  • Fixed bug #48872 (string.c: errors: duplicate case values). (Kalle)
  • Fixed bug #48854 (array_merge_recursive modifies arrays after first one). (Felipe)
  • Fixed bug #48805 (IPv6 socket transport is not working). (Ilia)
  • Fixed bug #48802 (printf() returns incorrect outputted length). (Jani)
  • Fixed bug #48880 (Random Appearing open_basedir problem). (Rasmus, Gwynne)
  • Fixed bug #48791 (open office files always reported as corrupted). (Greg)
  • Fixed bug #48788 (RecursiveDirectoryIterator doesn't descend into symlinked directories). (Ilia)
  • Fixed bug #48783 (make install will fail saying phar file exists). (Greg)
  • Fixed bug #48774 (SIGSEGVs when using curl_copy_handle()). (Sriram Natarajan)
  • Fixed bug #48771 (rename() between volumes fails and reports no error on Windows). (Pierre)
  • Fixed bug #48768 (parse_ini_*() crash with INI_SCANNER_RAW). (Jani)
  • Fixed bug #48763 (ZipArchive produces corrupt archive). (dani dot church at gmail dot com, Pierre)
  • Fixed bug #48762 (IPv6 address filter still rejects valid address). (Felipe)
  • Fixed bug #48757 (ReflectionFunction::invoke() parameter issues). (Kalle)
  • Fixed bug #48754 (mysql_close() crash php when no handle specified). (Johannes, Andrey)
  • Fixed bug #48752 (Crash during date parsing with invalid date). (Pierre)
  • Fixed bug #48746 (Unable to browse directories within Junction Points). (Pierre, Kanwaljeet Singla)
  • Fixed bug #48745 (mysqlnd: mysql_num_fields returns wrong column count for mysql_list_fields). (Andrey)
  • Fixed bug #48740 (PHAR install fails when INSTALL_ROOT is not the final install location). (james dot cohen at digitalwindow dot com, Greg)
  • Fixed bug #48733 (CURLOPT_WRITEHEADER|CURLOPT_FILE|CURLOPT_STDERR warns on files that have been opened with r+). (Ilia)
  • Fixed bug #48719 (parse_ini_*(): scanner_mode parameter is not checked for sanity). (Jani)
  • Fixed bug #48718 (FILTER_VALIDATE_EMAIL does not allow numbers in domain components). (Ilia)
  • Fixed bug #48681 (openssl signature verification for tar archives broken). (Greg)
  • Fixed bug #48660 (parse_ini_*(): dollar sign as last character of value fails). (Jani)
  • Fixed bug #48645 (mb_convert_encoding() doesn't understand hexadecimal html-entities). (Moriyoshi)
  • Fixed bug #48637 ("file" fopen wrapper is overwritten when using --with-curlwrappers). (Jani)
  • Fixed bug #48608 (Invalid libreadline version not detected during configure). (Jani)
  • Fixed bug #48400 (imap crashes when closing stream opened with OP_PROTOTYPE flag). (Jani)
  • Fixed bug #48377 (error message unclear on converting phar with existing file). (Greg)
  • Fixed bug #48247 (Infinite loop and possible crash during startup with errors when errors are logged). (Jani)
  • Fixed bug #48198 error: 'MYSQLND_LLU_SPEC' undeclared. Cause for #48780 and #46952 - both fixed too. (Andrey)
  • Fixed bug #48189 (ibase_execute error in return param). (Kalle)
  • Fixed bug #48182 (ssl handshake fails during asynchronous socket connection). (Sriram Natarajan)
  • Fixed bug #48116 (Fixed build with Openssl 1.0). (Pierre, Al dot Smith at aeschi dot ch dot eu dot org)
  • Fixed bug #48057 (Only the date fields of the first row are fetched, others are empty). (info at programmiernutte dot net)
  • Fixed bug #47481 (natcasesort() does not sort extended ASCII characters correctly). (Herman Radtke)
  • Fixed bug #47351 (Memory leak in DateTime). (Derick, Tobias John)
  • Fixed bug #47273 (Encoding bug in SoapServer->fault). (Dmitry)
  • Fixed bug #46682 (touch() afield returns different values on windows). (Pierre)
  • Fixed bug #46614 (Extended MySQLi class gives incorrect empty() result). (Andrey)
  • Fixed bug #46020 (with Sun Java System Web Server 7.0 on HPUX, #define HPUX). (Uwe Schindler)
  • Fixed bug #45905 (imagefilledrectangle() clipping error). (markril at hotmail dot com, Pierre)
  • Fixed bug #45554 (Inconsistent behavior of the u format char). (Derick)
  • Fixed bug #45141 (setcookie will output expires years of >4 digits). (Ilia)
  • Fixed bug #44683 (popen crashes when an invalid mode is passed). (Pierre)
  • Fixed bug #43510 (stream_get_meta_data() does not return same mode as used in fopen). (Jani)
  • Fixed bug #42434 (ImageLine w/ antialias = 1px shorter). (wojjie at gmail dot com, Kalle)
  • Fixed bug #40013 (php_uname() does not return nodename on Netware (Guenter Knauf)
  • Fixed bug #38091 (Mail() does not use FQDN when sending SMTP helo). (Kalle, Rick Yorgason)
  • Fixed bug #28038 (Sent incorrect RCPT TO commands to SMTP server) (Garrett)
  • Fixed bug #27051 (Impersonation with FastCGI does not exec process as impersonated user). (Pierre)
  • Fixed PECL bug #16842 (oci_error return false when NO_DATA_FOUND is raised). (Chris Jones)

New in PHP 5.3.0-3 (July 30th, 2009)

  • Upgraded bundled PCRE to version 7.9. (Nuno)
  • Upgraded bundled sqlite to version 3.6.15. (Scott)
  • Moved extensions to PECL (Derick, Lukas, Pierre, Scott)
  • Removed the experimental RPL (master/slave) functions from mysqli. (Andrey)
  • Removed zend.ze1_compatibility_mode. (Dmitry)
  • Removed all zend_extension_* php.ini directives. Zend extensions are now always loaded using zend_extension directive. (Derick)
  • Removed special treatment of "/tmp" in sessions for open_basedir. Note: This undocumented behaviour was introduced in 5.2.2. (Alexey)
  • Removed shebang line check from CGI sapi (checked by scanner). (Dmitry)
  • Changed PCRE, Reflection and SPL extensions to be always enabled. (Marcus)
  • Changed md5() to use improved implementation. (Solar Designer, Dmitry)
  • Changed HTTP stream wrapper to accept any code between and including 200 to 399 as successful. (Mike, Noah Fontes)
  • Changed __call() to be invoked on private/protected method access, similar to properties and __get(). (Andrei)
  • Changed dl() to be disabled by default. Enabled only when explicitly registered by the SAPI. Currently enabled with cli, cgi and embed SAPIs. (Dmitry)
  • Changed opendir(), dir() and scandir() to use default context when no context argument is passed. (Sara)
  • Changed open_basedir to allow tightening in runtime contexts. (Sara)
  • Changed PHP/Zend extensions to use flexible build IDs. (Stas)
  • Changed error level E_ERROR into E_WARNING in Soap extension methods parameter validation. (Felipe)
  • Changed openssl info to show the shared library version number. (Scott)
  • Changed floating point behaviour to consistently use double precision on all platforms and with all compilers. (Christian Seiler)
  • Changed round() to act more intuitively when rounding to a certain precision and round very large and very small exponents correctly. (Christian Seiler)
  • Changed session_start() to return false when session startup fails. (Jani)
  • Changed property_exists() to check the existence of a property independent of accessibility (like method_exists()). (Felipe)
  • Changed array_reduce() to allow mixed $initial (Christian Seiler)
  • Improved PHP syntax and semantics:
  • Added lambda functions and closures. (Christian Seiler, Dmitry)
  • Added "jump label" operator (limited "goto"). (Dmitry, Sara)
  • Added NOWDOC syntax. (Gwynne Raskind, Stas, Dmitry)
  • Added HEREDOC syntax with double quotes. (Lars Strojny, Felipe)
  • Added support for using static HEREDOCs to initialize static variables and class members or constants. (Matt)
  • Improved syntax highlighting and consistency for variables in double-quoted strings and literal text in HEREDOCs and backticks. (Matt)
  • Added "?:" operator. (Marcus)
  • Added support for namespaces. (Dmitry, Stas, Gregory, Marcus)
  • Added support for Late Static Binding. (Dmitry, Etienne Kneuss)
  • Added support for __callStatic() magic method. (Sara)
  • Added forward_static_call(_array) to complete LSB. (Mike Lively)
  • Added support for dynamic access of static members using $foo::myFunc(). (Etienne Kneuss)
  • Improved checks for callbacks. (Marcus)
  • Added __DIR__ constant. (Lars Strojny)
  • Added new error modes E_USER_DEPRECATED and E_DEPRECATED. E_DEPRECATED is used to inform about stuff being scheduled for removal in future PHP versions. (Lars Strojny, Felipe, Marcus)
  • Added "request_order" INI variable to control specifically $_REQUEST behavior. (Stas)
  • Added support for exception linking. (Marcus)
  • Added ability to handle exceptions in destructors. (Marcus)
  • Improved PHP runtime speed and memory usage:
  • Substitute global-scope, persistent constants with their values at compile time. (Matt)
  • Optimized ZEND_SIGNED_MULTIPLY_LONG(). (Matt)
  • Removed direct executor recursion. (Dmitry)
  • Use fastcall calling convention in executor on x86. (Dmitry)
  • Use IS_CV for direct access to $this variable. (Dmitry)
  • Use ZEND_FREE() opcode instead of ZEND_SWITCH_FREE(IS_TMP_VAR). (Dmitry)
  • Lazy EG(active_symbol_table) initialization. (Dmitry)
  • Optimized ZEND_RETURN opcode to not allocate and copy return value if it is not used. (Dmitry)
  • Replaced all flex based scanners with re2c based scanners. (Marcus, Nuno, Scott)
  • Added garbage collector. (David Wang, Dmitry).
  • Improved PHP binary size and startup speed with GCC4 visibility control. (Nuno)
  • Improved engine stack implementation for better performance and stability. (Dmitry)
  • Improved memory usage by moving constants to read only memory. (Dmitry, Pierre)
  • Changed exception handling. Now each op_array doesn't contain ZEND_HANDLE_EXCEPTION opcode in the end. (Dmitry)
  • Optimized require_once() and include_once() by eliminating fopen(3) on second usage. (Dmitry)
  • Optimized ZEND_FETCH_CLASS + ZEND_ADD_INTERFACE into single ZEND_ADD_INTERFACE opcode. (Dmitry)
  • Optimized string searching for a single character. (Michal Dziemianko, Scott)
  • Optimized interpolated strings to use one less opcode. (Matt)
  • Improved php.ini handling (Jani):
  • Added ".htaccess" style user-defined php.ini files support for CGI/FastCGI.
  • Added support for special [PATH=/opt/httpd/www.example.com/] and [HOST=www.example.com] sections. Directives set in these sections can not be overridden by user-defined ini-files or during runtime.
  • Added better error reporting for php.ini syntax errors.
  • Allowed using full path to load modules using "extension" directive.
  • Allowed "ini-variables" to be used almost everywhere ini php.ini files.
  • Allowed using alphanumeric/variable indexes in "array" ini options.
  • Added 3rd optional parameter to parse_ini_file() to specify the scanning mode of INI_SCANNER_NORMAL or INI_SCANNER_RAW. In raw mode option values and section values are treated as-is.
  • Fixed get_cfg_var() to be able to return "array" ini options.
  • Added optional parameter to ini_get_all() to only retrieve the current value. (Hannes)
  • Improved Windows support:
  • Update all libraries to their latest stable version. (Pierre, Rob, Liz, Garrett).
  • Added Windows support for stat(), touch(), filemtime(), filesize() and related functions. (Pierre)
  • Re-added socket_create_pair() for Windows in sockets extension. (Kalle)
  • Added inet_pton() and inet_ntop() also for Windows platforms. (Kalle, Pierre)
  • Added mcrypt_create_iv() for Windows platforms. (Pierre)
  • Added ACL Cache support on Windows. (Kanwaljeet Singla, Pierre, Venkat Raman Don)
  • Added constants based on Windows' GetVersionEx information. PHP_WINDOWS_VERSION_* and PHP_WINDOWS_NT_*. (Pierre)
  • Added support for ACL (is_writable, is_readable, reports now correct results) on Windows. (Pierre, Venkat Raman Don, Kanwaljeet Singla)
  • Added support for fnmatch() on Windows. (Pierre)
  • Added support for time_nanosleep() and time_sleep_until() on Windows. (Pierre)
  • Added support for symlink(), readlink(), linkinfo() and link() on Windows. They are available only when the running platform supports them. (Pierre)
  • the GMP extension now relies on MPIR instead of the GMP library. (Pierre)
  • Added Windows support for stream_socket_pair(). (Kalle)
  • Drop all external dependencies for the core features. (Pierre)
  • Drastically improve the build procedure (Pierre, Kalle, Rob)
  • MSI installer now supports all recent Windows versions, including Windows 7. (John, Kanwaljeet Singla)
  • Improved and cleaned CGI code:
  • FastCGI is now always enabled and cannot be disabled. See sapi/cgi/CHANGES for more details. (Dmitry)
  • Added CGI SAPI -T option which can be used to measure execution time of script repeated several times. (Dmitry)
  • Improved streams:
  • Fixed confusing error message on failure when no errors are logged. (Greg)
  • Added stream_supports_lock() function. (Benjamin Schulz)
  • Added context parameter for copy() function. (Sara)
  • Added "glob://" stream wrapper. (Marcus)
  • Added "params" as optional parameter for stream_context_create(). (Sara)
  • Added ability to use stream wrappers in include_path. (Gregory, Dmitry)
  • Improved DNS API
  • Added Windows support for dns_check_record(), dns_get_mx(), checkdnsrr() and getmxrr(). (Pierre)
  • Added support for old style DNS functions (supports OSX and FBSD). (Scott)
  • Added a new "entries" array in dns_check_record() containing the TXT elements. (Felipe, Pierre)
  • Improved hash extension:
  • Changed mhash to be a wrapper layer around the hash extension. (Scott)
  • Added hash_copy() function. (Tony)
  • Added sha224 hash algorithm to the hash extension. (Scott)
  • Improved IMAP support (Pierre):
  • Added imap_gc() to clear the imap cache
  • Added imap_utf8_to_mutf7() and imap_mutf7_to_utf8()
  • Improved mbstring extension:
  • Added "mbstring.http_output_conv_mimetypes" INI directive that allows common non-text types such as "application/xhtml+xml" to be converted by mb_output_handler(). (Moriyoshi)
  • Improved OCI8 extension (Chris Jones/Oracle Corp.):
  • Added Database Resident Connection Pooling (DRCP) and Fast Application Notification (FAN) support.
  • Added support for Oracle External Authentication (not supported on Windows).
  • Improve persistent connection handling of restarted DBs.
  • Added SQLT_AFC (aka CHAR datatype) support to oci_bind_by_name.
  • Fixed bug #45458 (Numeric keys for associative arrays are not handled properly)
  • Fixed bug #41069 (Segmentation fault with query over DB link).
  • Fixed define of SQLT_BDOUBLE and SQLT_BFLOAT constants with Oracle 10g ORACLE_HOME builds.
  • Changed default value of oci8.default_prefetch from 10 to 100.
  • Fixed PECL bug #16035 (OCI8: oci_connect without ORACLE_HOME defined causes segfault) (Chris Jones/Oracle Corp.)
  • Fixed PECL bug #15988 (OCI8: sqlnet.ora isn't read with older Oracle libraries) (Chris Jones/Oracle Corp.)
  • Fixed PECL bug #14268 (Allow "pecl install oci8" command to "autodetect" an Instant Client RPM install) (Chris Jones/Oracle Corp.)
  • Fixed PECL bug #12431 (OCI8 ping functionality is broken).
  • Allow building (e.g from PECL) the PHP 5.3-based OCI8 code with PHP 4.3.9 onwards.
  • Provide separate extensions for Oracle 11g and 10g on Windows. (Pierre, Chris)
  • Improved OpenSSL extension:
  • Added support for OpenSSL digest and cipher functions. (Dmitry)
  • Added access to internal values of DSA, RSA and DH keys. (Dmitry)
  • Fixed a memory leak on openssl_decrypt(). (Henrique)
  • Fixed segfault caused by openssl_pkey_new(). (Henrique)
  • Fixed bug caused by uninitilized variables in openssl_pkcs7_encrypt() and openssl_pkcs7_sign(). (Henrique)
  • Fixed error message in openssl_seal(). (Henrique)
  • Improved pcntl extension (Arnaud):
  • Added pcntl_signal_dispatch().
  • Added pcntl_sigprocmask().
  • Added pcntl_sigwaitinfo().
  • Added pcntl_sigtimedwait().
  • Improved SOAP extension:
  • Added support for element names in context of XMLSchema's . (Dmitry)
  • Added ability to use Traversable objects instead of plain arrays. (Joshua Reese, Dmitry)
  • Fixed possible crash bug caused by an uninitialized value. (Zdash Urf)
  • Improved SPL extension:
  • Added SPL to list of standard extensions that cannot be disabled. (Marcus)
  • Added ability to store associative information with objects in SplObjectStorage. (Marcus)
  • Added ArrayAccess support to SplObjectStorage. (Marcus)
  • Added SplDoublyLinkedList, SplStack, SplQueue classes. (Etienne)
  • Added FilesystemIterator. (Marcus)
  • Added GlobIterator. (Marcus)
  • Added SplHeap, SplMinHeap, SplMaxHeap, SplPriorityQueue classes. (Etienne)
  • Added new parameter $prepend to spl_autoload_register(). (Etienne)
  • Added SplFixedArray. (Etienne, Tony)
  • Added delaying exceptions in SPL's autoload mechanism. (Marcus)
  • Added RecursiveTreeIterator. (Arnaud, Marcus)
  • Added MultipleIterator. (Arnaud, Marcus, Johannes)
  • Improved Zend Engine:
  • Added "compact" handler for Zend MM storage. (Dmitry)
  • Added "+" and "*" specifiers to zend_parse_parameters(). (Andrei)
  • Added concept of "delayed early binding" that allows opcode caches to perform class declaration (early and/or run-time binding) in exactly the same order as vanilla PHP. (Dmitry)
  • Improved crypt() function (Pierre):
  • Added Blowfish and extended DES support. (Using Blowfish implementation from Solar Designer).
  • Made crypt features portable by providing our own implementations for crypt_r and the algorithms which are used when OS does not provide them. PHP implementations are always used for Windows builds.
  • Deprecated session_register(), session_unregister() and session_is_registered(). (Hannes)
  • Deprecated define_syslog_variables(). (Kalle)
  • Deprecated ereg extension. (Felipe)
  • Added new extensions:
  • Added Enchant extension as a way to access spell checkers. (Pierre)
  • Added fileinfo extension as replacement for mime_magic extension. (Derick)
  • Added intl extension for Internationalization. (Ed B., Vladimir I., Dmitry L., Stanislav M., Vadim S., Kirti V.)
  • Added mysqlnd extension as replacement for libmysql for ext/mysql, mysqli and PDO_mysql. (Andrey, Johannes, Ulf)
  • Added phar extension for handling PHP Archives. (Greg, Marcus, Steph)
  • Added SQLite3 extension. (Scott)
  • Added new date/time functionality: (Derick)
  • date_parse_from_format(): Parse date/time strings according to a format.
  • date_create_from_format()/DateTime::createFromFormat(): Create a date/time object by parsing a date/time string according to a given format.
  • date_get_last_errors()/DateTime::getLastErrors(): Return a list of warnings and errors that were found while parsing a date/time string through.
  • support for abbreviation and offset based timezone specifiers for the 'e' format specifier, DateTime::__construct(), DateTime::getTimeZone() and DateTimeZone::getName().
  • support for selectively listing timezone identifiers by continent or country code through timezone_identifiers_list() / DateTimezone::listIdentifiers().
  • timezone_location_get() / DateTimezone::getLocation() for retrieving location information from timezones.
  • date_timestamp_set() / DateTime::setTimestamp() to set a Unix timestamp without invoking the date parser. (Scott, Derick)
  • date_timestamp_get() / DateTime::getTimestamp() to retrieve the Unix timestamp belonging to a date object.
  • two optional parameters to timezone_transitions_get() / DateTimeZone::getTranstions() to limit the range of transitions being returned.
  • support for "first/last day of " style texts.
  • support for date/time strings returned by MS SQL.
  • support for serialization and unserialization of DateTime objects.
  • support for diffing date/times through date_diff() / DateTime::diff().
  • support for adding/subtracting weekdays with strtotime() and DateTime::modify().
  • DateInterval class to represent the difference between two date/times.
  • support for parsing ISO intervals for use with DateInterval.
  • date_add() / DateTime::add(), date_sub() / DateTime::sub() for applying an interval to an existing date/time.
  • proper support for "this week", "previous week"/"last week" and "next week" phrases so that they actually mean the week and not a seven day period around the current day.
  • support for " of" and "last of" phrases to be used with months - like in "last saturday of februari 2008".
  • support for "back of " and "front of " phrases that are used in Scotland.
  • DatePeriod class which supports iterating over a DateTime object applying DateInterval on each iteration, up to an end date or limited by maximum number of occurences.
  • Added compatibility mode in GD, imagerotate, image(filled)ellipse imagefilter, imageconvolution and imagecolormatch are now always enabled. (Pierre)
  • Added array_replace() and array_replace_recursive() functions. (Matt)
  • Added ReflectionProperty::setAccessible() method that allows non-public property's values to be read through ::getValue() and set through ::setValue(). (Derick, Sebastian)
  • Added msg_queue_exists() function to sysvmsg extension. (Benjamin Schulz)
  • Added Firebird specific attributes that can be set via PDO::setAttribute() to control formatting of date/timestamp columns: PDO::FB_ATTR_DATE_FORMAT, PDO::FB_ATTR_TIME_FORMAT and PDO::FB_ATTR_TIMESTAMP_FORMAT. (Lars W)
  • Added gmp_testbit() function. (Stas)
  • Added icon format support to getimagesize(). (Scott)
  • Added LDAP_OPT_NETWORK_TIMEOUT option for ldap_set_option() to allow setting network timeout (FR #42837). (Jani)
  • Added optional escape character parameter to fgetcsv(). (David Soria Parra)
  • Added an optional parameter to strstr() and stristr() for retrieval of either the part of haystack before or after first occurrence of needle. (Johannes, Felipe)
  • Added xsl->setProfiling() for profiling stylesheets. (Christian)
  • Added long-option feature to getopt() and made getopt() available also on win32 systems by adding a common getopt implementation into core. (David Soria Parra, Jani)
  • Added support for optional values, and = as separator, in getopt(). (Hannes)
  • Added lcfirst() function. (David C)
  • Added PREG_BAD_UTF8_OFFSET_ERROR constant. (Nuno)
  • Added native support for asinh(), acosh(), atanh(), log1p() and expm1(). (Kalle)
  • Added LIBXML_LOADED_VERSION constant (libxml2 version currently used). (Rob)
  • Added JSON_FORCE_OBJECT flag to json_encode(). (Scott, Richard Quadling)
  • Added timezone_version_get() to retrieve the version of the used timezone database. (Derick)
  • Added 'n' flag to fopen to allow passing O_NONBLOCK to the underlying open(2) system call. (Mikko)
  • Added "dechunk" filter which can decode HTTP responses with chunked transfer-encoding. HTTP streams use this filter automatically in case "Transfer-Encoding: chunked" header is present in response. It's possible to disable this behaviour using "http"=>array("auto_decode"=>0) in stream context. (Dmitry)
  • Added support for CP850 encoding in mbstring extension. (Denis Giffeler, Moriyoshi)
  • Added stream_cast() and stream_set_options() to user-space stream wrappers, allowing stream_select(), stream_set_blocking(), stream_set_timeout() and stream_set_write_buffer() to work with user-space stream wrappers. (Arnaud)
  • Added header_remove() function. (chsc at peytz dot dk, Arnaud)
  • Added stream_context_get_params() function. (Arnaud)
  • Added optional parameter "new" to sybase_connect(). (Timm)
  • Added parse_ini_string() function. (grange at lemonde dot fr, Arnaud)
  • Added str_getcsv() function. (Sara)
  • Added openssl_random_pseudo_bytes() function. (Scott)
  • Added ability to send user defined HTTP headers with SOAP request. (Brian J.France, Dmitry)
  • Added concatenation option to bz2.decompress stream filter. (Keisial at gmail dot com, Greg)
  • Added support for using compressed connections with PDO_mysql. (Johannes)
  • Added the ability for json_decode() to take a user specified depth. (Scott)
  • Added support for the mysql_stmt_next_result() function from libmysql. (Andrey)
  • Added function preg_filter() that does grep and replace in one go. (Marcus)
  • Added system independent realpath() implementation which caches intermediate directories in realpath-cache. (Dmitry)
  • Added optional clear_realpath_cache and filename parameters to clearstatcache(). (Jani, Arnaud)
  • Added litespeed SAPI module. (George Wang)
  • Added ext/hash support to ext/session's ID generator. (Sara)
  • Added quoted_printable_encode() function. (Tony)
  • Added stream_context_set_default() function. (Davey Shafik)
  • Added optional "is_xhtml" parameter to nl2br() which makes the function output when false and when true (FR #34381). (Kalle)
  • Added PHP_MAXPATHLEN constant (maximum length of a path). (Pierre)
  • Added support for SSH via libssh2 in cURL. (Pierre)
  • Added support for gray levels PNG image with alpha in GD extension. (Pierre)
  • Added support for salsa hashing functions in HASH extension. (Scott)
  • Added DOMNode::getLineNo to get line number of parsed node. (Rob)
  • Added table info to PDO::getColumnMeta() with SQLite. (Martin Jansen, Scott)
  • Added mail logging functionality that allows logging of mail sent via mail() function. (Ilia)
  • Added json_last_error() to return any error information from json_decode(). (Scott)
  • Added gethostname() to return the current system host name. (Ilia)
  • Added shm_has_var() function. (Mike)
  • Added depth parameter to json_decode() to lower the nesting depth from the maximum if required. (Scott)
  • Added pixelation support in imagefilter(). (Takeshi Abe, Kalle)
  • Added SplObjectStorage::addAll/removeAll. (Etienne)
  • Implemented FR #41712 (curl progress callback: CURLOPT_PROGRESSFUNCTION). (sdteffen[at]gmail[dot].com, Pierre)
  • Implemented FR #47739 (Missing cURL option do disable IPv6). (Pierre)
  • Implemented FR #39637 (Missing cURL option CURLOPT_FTP_FILEMETHOD). (Pierre)
  • Fixed an issue with ReflectionProperty::setAccessible(). (Sebastian, Roman Borschel)
  • Fixed html_entity_decode() incorrectly converting numeric html entities to different characters with cp1251 and cp866. (Scott)
  • Fixed an issue in date() where a : was printed for the O modifier after a P modifier was used. (Derick)
  • Fixed exec() on Windows to not eat the first and last double quotes. (Scott)
  • Fixed readlink on Windows in thread safe SAPI (apache2.x etc.). (Pierre)
  • Fixed a bug causing miscalculations with the "last of month" relative time string. (Derick)
  • Fixed bug causing the algorithm parameter of mhash() to be modified. (Scott)
  • Fixed invalid calls to free when internal fileinfo magic file is used. (Scott)
  • Fixed memory leak inside wddx_add_vars() function. (Felipe)
  • Fixed check in recode extension to allow builing of recode and mysql extensions when using a recent libmysql. (Johannes)
  • Fixed PECL bug #12794 (PDOStatement->nextRowset() doesn't work). (Johannes)
  • Fixed PECL bug #12401 (Add support for ATTR_FETCH_TABLE_NAMES). (Johannes)
  • Fixed bug #48696 (ldap_read() segfaults with invalid parameters). (Felipe)
  • Fixed bug #48643 (String functions memory issue). (Dmitry)
  • Fixed bug #48641 (tmpfile() uses old parameter parsing). (crrodriguez at opensuse dot org)
  • Fixed bug #48624 (.user.ini never gets parsed). (Pierre)
  • Fixed bug #48620 (X-PHP-Originating-Script assumes no trailing CRLF in existing headers). (Ilia)
  • Fixed bug #48578 (Can't build 5.3 on FBSD 4.11). (Rasmus)
  • Fixed bug #48535 (file_exists returns false when impersonate is used). (Kanwaljeet Singla, Venkat Raman Don)
  • Fixed bug #48493 (spl_autoload_register() doesn't work correctly when prepending functions). (Scott)
  • Fixed bug #48215 (Calling a method with the same name as the parent class calls the constructor). (Scott)
  • Fixed bug #48200 (compile failure with mbstring.c when --enable-zend-multibyte is used). (Jani)
  • Fixed bug #48188 (Cannot execute a scrollable cursors twice with PDO_PGSQL). (Matteo)
  • Fixed bug #48185 (warning: value computed is not used in pdo_sqlite_stmt_get_col line 271). (Matteo)
  • Fixed bug #48087 (call_user_method() invalid free of arguments). (Felipe)
  • Fixed bug #48060 (pdo_pgsql - large objects are returned as empty). (Matteo)
  • Fixed bug #48034 (PHP crashes when script is 8192 (8KB) bytes long). (Dmitry)
  • Fixed bug #48004 (Error handler prevents creation of default object). (Dmitry)
  • Fixed bug #47880 (crashes in call_user_func_array()). (Dmitry)
  • Fixed bug #47856 (stristr() converts needle to lower-case). (Ilia)
  • Fixed bug #47851 (is_callable throws fatal error). (Dmitry)
  • Fixed bug #47816 (pcntl tests failing on NetBSD). (Matteo)
  • Fixed bug #47779 (Wrong value for SIG_UNBLOCK and SIG_SETMASK constants). (Matteo)
  • Fixed bug #47771 (Exception during object construction from arg call calls object's destructor). (Dmitry)
  • Fixed bug #47767 (include_once does not resolve windows symlinks or junctions) (Kanwaljeet Singla, Venkat Raman Don)
  • Fixed bug #47757 (rename JPG to JPEG in phpinfo). (Pierre)
  • Fixed bug #47745 (FILTER_VALIDATE_INT doesn't allow minimum integer). (Dmitry)
  • Fixed bug #47714 (autoloading classes inside exception_handler leads to crashes). (Dmitry)
  • Fixed bug #47671 (Cloning SplObjectStorage instances). (Etienne)
  • Fixed bug #47664 (get_class returns NULL instead of FALSE). (Dmitry)
  • Fixed bug #47662 (Support more than 127 subpatterns in preg_match). (Nuno)
  • Fixed bug #47596 (Bus error on parsing file). (Dmitry)
  • Fixed bug #47572 (Undefined constant causes segmentation fault). (Felipe)
  • Fixed bug #47560 (explode()'s limit parameter odd behaviour). (Matt)
  • Fixed bug #47549 (get_defined_constants() return array with broken array categories). (Ilia)
  • Fixed bug #47535 (Compilation failure in ps_fetch_from_1_to_8_bytes()). (Johannes)
  • Fixed bug #47534 (RecursiveDiteratoryIterator::getChildren ignoring CURRENT_AS_PATHNAME). (Etienne)
  • Fixed bug #47443 (metaphone('scratch') returns wrong result). (Felipe)
  • Fixed bug #47438 (mysql_fetch_field ignores zero offset). (Johannes)
  • Fixed bug #47398 (PDO_Firebird doesn't implements quoter correctly). (Felipe)
  • Fixed bug #47390 (odbc_fetch_into - BC in php 5.3.0). (Felipe)
  • Fixed bug #47359 (Use the expected unofficial mimetype for bmp files). (Scott)
  • Fixed bug #47343 (gc_collect_cycles causes a segfault when called within a destructor in one case). (Dmitry)
  • Fixed bug #47320 ($php_errormsg out of scope in functions). (Dmitry)
  • Fixed bug #47318 (UMR when trying to activate user config). (Pierre)
  • Fixed bug #47243 (OCI8: Crash at shutdown on Windows) (Chris Jones/Oracle Corp.)
  • Fixed bug #47231 (offsetGet error using incorrect offset). (Etienne)
  • Fixed bug #47229 (preg_quote() should escape the '-' char). (Nuno)
  • Fixed bug #47165 (Possible memory corruption when passing return value by reference). (Dmitry)
  • Fixed bug #47087 (Second parameter of mssql_fetch_array()). (Felipe)
  • Fixed bug #47085 (rename() returns true even if the file in PHAR does not exist). (Greg)
  • Fixed bug #47050 (mysqli_poll() modifies improper variables). (Johannes)
  • Fixed bug #47045 (SplObjectStorage instances compared with ==). (Etienne)
  • Fixed bug #47038 (Memory leak in include). (Dmitry)
  • Fixed bug #47031 (Fix constants in DualIterator example). (Etienne)
  • Fixed bug #47021 (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked"). (Dmitry)
  • Fixed bug #46994 (OCI8: CLOB size does not update when using CLOB IN OUT param in stored procedure) (Chris Jones/Oracle Corp.)
  • Fixed bug #46979 (use with non-compound name *has* effect). (Dmitry)
  • Fixed bug #46957 (The tokenizer returns deprecated values). (Felipe)
  • Fixed bug #46944 (UTF-8 characters outside the BMP aren't encoded correctly). (Scott)
  • Fixed bug #46897 (ob_flush() should fail to flush unerasable buffers). (David C.)
  • Fixed bug #46849 (Cloning DOMDocument doesn't clone the properties). (Rob)
  • Fixed bug #46847 (phpinfo() is missing some settings). (Hannes)
  • Fixed bug #46844 (php scripts or included files with first line starting with # have the 1st line missed from the output). (Ilia)
  • Fixed bug #46817 (tokenizer misses last single-line comment (PHP 5.3+, with re2c lexer)). (Matt, Shire)
  • Fixed bug #46811 (ini_set() doesn't return false on failure). (Hannes)
  • Fixed bug #46763 (mb_stristr() wrong output when needle does not exist). (Henrique M. Decaria)
  • Fixed bug #46755 (warning: use statement with non-compound name). (Dmitry)
  • Fixed bug #46746 (xmlrpc_decode_request outputs non-suppressable error when given bad data). (Ilia)
  • Fixed bug #46738 (Segfault when mb_detect_encoding() fails). (Scott)
  • Fixed bug #46731 (Missing validation for the options parameter of the imap_fetch_overview() function). (Ilia)
  • Fixed bug #46711 (cURL curl_setopt leaks memory in foreach loops). (magicaltux [at] php [dot] net)
  • Fixed bug #46701 (Creating associative array with long values in the key fails on 32bit linux). (Shire)
  • Fixed bug #46681 (mkdir() fails silently on PHP 5.3). (Hannes)
  • Fixed bug #46653 (can't extend mysqli). (Johannes)
  • Fixed bug #46646 (Restrict serialization on some internal classes like Closure and SplFileInfo using exceptions). (Etienne)
  • Fixed bug #46623 (OCI8: phpinfo doesn't show compile time ORACLE_HOME with phpize) (Chris Jones/Oracle Corp.)
  • Fixed bug #46578 (strip_tags() does not honor end-of-comment when it encounters a single quote). (Felipe)
  • Fixed bug #46546 (Segmentation fault when using declare statement with non-string value). (Felipe)
  • Fixed bug #46542 (Extending PDO class with a __call() function doesn't work as expected). (Johannes)
  • Fixed bug #46421 (SplFileInfo not correctly handling /). (Etienne)
  • Fixed bug #46347 (parse_ini_file() doesn't support * in keys). (Nuno)
  • Fixed bug #46268 (DateTime::modify() does not reset relative time values). (Derick)
  • Fixed bug #46241 (stacked error handlers, internal error handling in general). (Etienne)
  • Fixed bug #46238 (Segmentation fault on static call with empty string method). (Felipe)
  • Fixed bug #46192 (ArrayObject with objects as storage serialization). (Etienne)
  • Fixed bug #46185 (importNode changes the namespace of an XML element). (Rob)
  • Fixed bug #46178 (memory leak in ext/phar). (Greg)
  • Fixed bug #46160 (SPL - Memory leak when exception is thrown in offsetSet). (Felipe)
  • Fixed bug #46147 (after stream seek, appending stream filter reads incorrect data). (Greg)
  • Fixed bug #46127 (php_openssl_tcp_sockop_accept forgets to set context on accepted stream) (Mark Karpeles, Pierre)
  • Fixed bug #46115 (Memory leak when calling a method using Reflection). (Dmitry)
  • Fixed bug #46110 (XMLWriter - openmemory() and openuri() leak memory on multiple calls). (Ilia)
  • Fixed bug #46108 (DateTime - Memory leak when unserializing). (Felipe)
  • Fixed bug #46106 (Memory leaks when using global statement). (Dmitry)
  • Fixed bug #46099 (Xsltprocessor::setProfiling - memory leak). (Felipe, Rob).
  • Fixed bug #46087 (DOMXPath - segfault on destruction of a cloned object). (Ilia)
  • Fixed bug #46048 (SimpleXML top-level @attributes not part of iterator). (David C.)
  • Fixed bug #46044 (Mysqli - wrong error message). (Johannes)
  • Fixed bug #46042 (memory leaks with reflection of mb_convert_encoding()). (Ilia)
  • Fixed bug #46039 (ArrayObject iteration is slow). (Arnaud)
  • Fixed bug #46033 (Direct instantiation of SQLite3stmt and SQLite3result cause a segfault.) (Scott)
  • Fixed bug #45991 (Ini files with the UTF-8 BOM are treated as invalid). (Scott)
  • Fixed bug #45989 (json_decode() doesn't return NULL on certain invalid strings). (magicaltux, Scott)
  • Fixed bug #45976 (Moved SXE from SPL to SimpleXML). (Etienne)
  • Fixed bug #45928 (large scripts from stdin are stripped at 16K border). (Christian Schneider, Arnaud)
  • Fixed bug #45911 (Cannot disable ext/hash). (Arnaud)
  • Fixed bug #45907 (undefined reference to 'PHP_SHA512Init'). (Greg)
  • Fixed bug #45826 (custom ArrayObject serialization). (Etienne)
  • Fixed bug #45820 (Allow empty keys in ArrayObject). (Etienne)
  • Fixed bug #45791 (json_decode() doesn't convert 0e0 to a double). (Scott)
  • Fixed bug #45786 (FastCGI process exited unexpectedly). (Dmitry)
  • Fixed bug #45757 (FreeBSD4.11 build failure: failed include; stdint.h). (Hannes)
  • Fixed bug #45743 (property_exists fails to find static protected member in child class). (Felipe)
  • Fixed bug #45717 (Fileinfo/libmagic build fails, missing err.h and getopt.h). (Derick)
  • Fixed bug #45706 (Unserialization of classes derived from ArrayIterator fails). (Etienne, Dmitry)
  • Fixed bug #45696 (Not all DateTime methods allow method chaining). (Derick)
  • Fixed bug #45682 (Unable to var_dump(DateInterval)). (Derick)
  • Fixed bug #45447 (Filesystem time functions on Vista and server 2008). (Pierre)
  • Fixed bug #45432 (PDO: persistent connection leak). (Felipe)
  • Fixed bug #45392 (ob_start()/ob_end_clean() and memory_limit). (Ilia)
  • Fixed bug #45384 (parse_ini_file will result in parse error with no trailing newline). (Arnaud)
  • Fixed bug #45382 (timeout bug in stream_socket_enable_crypto). (vnegrier at optilian dot com, Ilia)
  • Fixed bug #45044 (relative paths not resolved correctly). (Dmitry)
  • Fixed bug #44861 (scrollable cursor don't work with pgsql). (Matteo)
  • Fixed bug #44842 (parse_ini_file keys that start/end with underscore). (Arnaud)
  • Fixed bug #44575 (parse_ini_file comment # line problems). (Arnaud)
  • Fixed bug #44409 (PDO::FETCH_SERIALIZE calls __construct()). (Matteo)
  • Fixed bug #44173 (PDO->query() parameter parsing/checking needs an update). (Matteo)
  • Fixed bug #44154 (pdo->errorInfo() always have three elements in the returned array). (David C.)
  • Fixed bug #44153 (pdo->errorCode() returns NULL when there are no errors). (David C.)
  • Fixed bug #44135 (PDO MySQL does not support CLIENT_FOUND_ROWS). (Johannes, chx1975 at gmail dot com)
  • Fixed bug #44100 (Inconsistent handling of static array declarations with duplicate keys). (Dmitry)
  • Fixed bug #43831 ($this gets mangled when extending PDO with persistent connection). (Felipe)
  • Fixed bug #43817 (opendir() fails on Windows directories with parent directory unaccessible). (Dmitry)
  • Fixed bug #43069 (SoapClient causes 505 HTTP Version not supported error message). (Dmitry)
  • Fixed bug #43008 (php://filter uris ignore url encoded filternames and can't handle slashes). (Arnaud)
  • Fixed bug #42362 (HTTP status codes 204 and 304 should not be gzipped). (Scott, Edward Z. Yang)
  • Fixed bug #41874 (separate STDOUT and STDERR in exec functions). (Kanwaljeet Singla, Venkat Raman Don, Pierre)
  • Fixed bug #41534 (SoapClient over HTTPS fails to reestablish connection). (Dmitry)
  • Fixed bug #38802 (max_redirects and ignore_errors). (patch by [email protected])
  • Fixed bug #35980 (touch() works on files but not on directories). (Pierre)

New in PHP 5.2.9 (April 4th, 2009)

  • Security Fixes:
  • Fixed security issue in imagerotate(), background colour isn't validated correctly with a non truecolour image. Reported by Hamid Ebadi, APA Laboratory (Fixes CVE-2008-5498). (Scott)
  • Fixed a crash on extract in zip when files or directories entry names contain a relative path. (Pierre)
  • Fixed explode() behavior with empty string to respect negative limit. (Shire)
  • Fixed a segfault when malformed string is passed to json_decode(). (Scott)
  • Fixed bug in xml_error_string() which resulted in messages being off by one. (Scott)
  • Changed __call() to be invoked on private/protected method access, similar to properties and __get(). (Andrei)
  • Added optional sorting type flag parameter to array_unique(). Default is SORT_REGULAR. (Andrei)
  • Fixed zip filename property read. (Pierre)
  • Fixed error conditions handling in stream_filter_append(). (Arnaud)
  • Fixed bug #47422 (modulus operator returns incorrect results on 64 bit linux). (Matt)
  • Fixed bug #47399 (mb_check_encoding() returns true for some illegal SJIS characters). (for-bugs at hnw dot jp, Moriyoshi)
  • Fixed bug #47353 (crash when creating a lot of objects in object destructor). (Tony)
  • Fixed bug #47322 (sscanf %d doesn't work). (Felipe)
  • Fixed bug #47282 (FILTER_VALIDATE_EMAIL is marking valid email addresses as invalid). (Ilia)
  • Fixed bug #47220 (segfault in dom_document_parser in recovery mode). (Rob)
  • Fixed bug #47217 (content-type is not set properly for file uploads). (Ilia)
  • Fixed bug #47174 (base64_decode() interprets pad char in mid string as terminator). (Ilia)
  • Fixed bug #47165 (Possible memory corruption when passing return value by reference). (Dmitry)
  • Fixed bug #47152 (gzseek/fseek using SEEK_END produces strange results). (Felipe)
  • Fixed bug #47131 (SOAP Extension ignores "user_agent" ini setting). (Ilia)
  • Fixed bug #47109 (Memory leak on $a->{"a"."b"} when $a is not an object). (Etienne, Dmitry)
  • Fixed bug #47104 (Linking shared extensions fails with icc). (Jani)
  • Fixed bug #47049 (SoapClient::__soapCall causes a segmentation fault). (Dmitry)
  • Fixed bug #47048 (Segfault with new pg_meta_data). (Felipe)
  • Fixed bug #47042 (PHP cgi sapi is removing SCRIPT_FILENAME for non apache). (Sriram Natarajan)
  • Fixed bug #47037 (No error when using fopen with empty string). (Cristian Rodriguez R., Felipe)
  • Fixed bug #47035 (dns_get_record returns a garbage byte at the end of a TXT record). (Felipe)
  • Fixed bug #47027 (var_export doesn't show numeric indices on ArrayObject). (Derick)
  • Fixed bug #46985 (OVERWRITE and binary mode does not work, regression introduced in 5.2.8). (Pierre)
  • Fixed bug #46973 (IPv6 address filter rejects valid address). (Felipe)
  • Fixed bug #46964 (Fixed pdo_mysql build with older version of MySQL). (Ilia)
  • Fixed bug #46959 (Unable to disable PCRE). (Scott)
  • Fixed bug #46918 (imap_rfc822_parse_adrlist host part not filled in correctly). (Felipe)
  • Fixed bug #46889 (Memory leak in strtotime()). (Derick)
  • Fixed bug #46887 (Invalid calls to php_error_docref()). (oeriksson at mandriva dot com, Ilia)
  • Fixed bug #46873 (extract($foo) crashes if $foo['foo'] exists). (Arnaud)
  • Fixed bug #46843 (CP936 euro symbol is not converted properly). (ty_c at cybozuy dot co dot jp, Moriyoshi)
  • Fixed bug #46798 (Crash in mssql extension when retrieving a NULL value inside a binary or image column type). (Ilia)
  • Fixed bug #46782 (fastcgi.c parse error). (Matt)
  • Fixed bug #46760 (SoapClient doRequest fails when proxy is used). (Felipe)
  • Fixed bug #46748 (Segfault when an SSL error has more than one error). (Scott)
  • Fixed bug #46739 (array returned by curl_getinfo should contain content_type key). (Mikko)
  • Fixed bug #46699 (xml_parse crash when parser is namespace aware). (Rob)
  • Fixed bug #46419 (Elements of associative arrays with NULL value are lost). (Dmitry)
  • Fixed bug #46282 (Corrupt DBF When Using DATE). (arne at bukkie dot nl)
  • Fixed bug #46026 (bz2.decompress/zlib.inflate filter tries to decompress after end of stream). (Greg)
  • Fixed bug #46005 (User not consistently logged under Apache2). (admorten at umich dot edu, Stas)
  • Fixed bug #45996 (libxml2 2.7 causes breakage with character data in xml_parse()). (Rob)
  • Fixed bug #45940 (MySQLI OO does not populate connect_error property on failed connect). (Johannes)
  • Fixed bug #45923 (mb_st[r]ripos() offset not handled correctly). (Moriyoshi)
  • Fixed bug #45327 (memory leak if offsetGet throws exception). (Greg)
  • Fixed bug #45239 (Encoding detector hangs with mbstring.strict_detection enabled). (Moriyoshi)
  • Fixed bug #45161 (Reusing a curl handle leaks memory). (Mark Karpeles, Jani)
  • Fixed bug #44336 (Improve pcre UTF-8 string matching performance). (frode at coretrek dot com, Nuno)
  • Fixed bug #43841 (mb_strrpos() offset is byte count for negative values). (Moriyoshi)
  • Fixed bug #37209 (mssql_execute with non fatal errors). (Kalle)
  • Fixed bug #35975 (Session cookie expires date format isn't the most compatible. Now matches that of setcookie()). (Scott)

New in PHP 5.2.8 (December 28th, 2008)

  • Reverted bug fix Fixed bug #42718 that broke magic_quotes_gpc (Scott)

New in PHP 5.2.7 (December 28th, 2008)

  • Security Fixes:
  • Upgraded PCRE to version 7.8 (Fixes CVE-2008-2371) (Ilia)
  • Fixed missing initialization of BG(page_uid) and BG(page_gid), reported by Maksymilian Arciemowicz. (Stas)
  • Fixed incorrect php_value order for Apache configuration, reported by Maksymilian Arciemowicz. (Stas)
  • Fixed a crash inside gd with invalid fonts (Fixes CVE-2008-3658). (Pierre)
  • Fixed a possible overflow inside memnstr (Fixes CVE-2008-3659). (Laurent Gaffie)
  • Fixed security issues detailed in CVE-2008-2665 and CVE-2008-2666. (Christian Hoffmann)
  • Fixed bug #45151 (Crash with URI/file..php (filename contains 2 dots)).(Fixes CVE-2008-3660) (Dmitry)
  • Fixed bug #42862 (IMAP toolkit crash: rfc822.c legacy routine buffer overflow). (Fixes CVE-2008-2829) (Dmitry)
  • Updated timezone database to version 2008.9. (Derick)
  • Upgraded bundled libzip to 0.9.0. (Pierre)
  • Added logging option for error_log to send directly to SAPI. (Stas)
  • Added PHP_MAJOR_VERSION, PHP_MINOR_VERSION, PHP_RELEASE_VERSION,PHP_EXTRA_VERSION, PHP_VERSION_ID, PHP_ZTS and PHP_DEBUG constants. (Pierre)
  • Added "PHP_INI_SCAN_DIR" environment variable which can be used to either disable or change the compile time ini scan directory (FR Fixed bug #45114). (Jani)
  • Fixed memory leak inside sqlite_create_aggregate(). (Felipe)
  • Fixed memory leak inside PDO sqlite's sqliteCreateAggregate() method. (Felipe)
  • Fixed memory leak inside readline_callback_handler_remove() function. (Felipe)
  • Fixed sybase_fetch_*() to continue reading after CS_ROW_FAIL status (Timm)
  • Fixed a bug inside dba_replace() that could cause file truncation with invalid keys. (Ilia)
  • Fixed memory leak inside readline_callback_handler_install() function. (Ilia)
  • Fixed memory leak inside readline_completion_function() function. (Felipe)
  • Fixed stream_get_contents() when using $maxlength and socket is not closed. indeyets [at] php [dot] net on Fixed bug #46049. (Arnaud)
  • Fixed stream_get_line() to behave as documented on non-blocking streams. (Arnaud)
  • Fixed endless loop in PDOStatement::debugDumpParams().(jonah.harris at gmail dot com)
  • Fixed ability to use "internal" heaps in extensions. (Arnaud, Dmitry)
  • Fixed weekdays adding/subtracting algorithm. (Derick)
  • Fixed some ambiguities in the date parser. (Derick)
  • Fixed a bug with the YYYY-MM format not resetting the day correctly. (Derick)
  • Fixed a bug in the DateTime->modify() methods, it would not use the advanced relative time strings. (Derick)
  • Fixed extraction of zip files or directories when the entry name is a relative path. (Pierre)
  • Fixed read or write errors for large zip archives. (Pierre)
  • Fixed simplexml asXML() not to lose encoding when dumping entire document to file. (Ilia)
  • Fixed a crash inside PDO when trying instantiate PDORow manually. (Felipe)
  • Fixed build failure of ext/mysqli with libmysql 6.0 - missing rpl functions. (Andrey)
  • Fixed a regression when using strip_tags() and < is within an attribute. (Scott)
  • Fixed a crash on invalid method in ReflectionParameter constructor. (Christian Seiler)
  • Reverted fix for bug Fixed bug #44197 due to behaviour change in minor version. (Felipe)
  • Fixed bug #46732 (mktime.year description is wrong). (Derick)
  • Fixed bug #46696 (cURL fails in upload files with specified content-type). (Ilia)
  • Fixed bug #46673 (stream_lock call with wrong parameter). (Arnaud)
  • Fixed bug #46649 (Setting array element with that same array produces inconsistent results). (Arnaud)
  • Fixed bug #46626 (mb_convert_case does not handle apostrophe correctly). (Ilia)
  • Fixed bug #46543 (ibase_trans() memory leaks when using wrong parameters). (Felipe)
  • Fixed bug #46521 (Curl ZTS OpenSSL, error in config.m4 fragment). (jd at cpanel dot net)
  • Fixed bug #46496 (wddx_serialize treats input as ISO-8859-1). (Mark Karpeles)
  • Fixed bug #46427 (SoapClient() stumbles over its "stream_context" parameter). (Dmitry, Herman Radtke)
  • Fixed bug #46426 (offset parameter of stream_get_contents() does not workfor "0"). (Felipe)
  • Fixed bug #46406 (Unregistering nodeclass throws E_FATAL). (Rob)
  • Fixed bug #46389 (NetWare needs small patch for _timezone). (patch by [email protected])
  • Fixed bug #46388 (stream_notification_callback inside of object destroys object variables). (Felipe)
  • Fixed bug #46381 (wrong $this passed to internal methods causes segfault). (Tony)
  • Fixed bug #46379 (Infinite loop when parsing '#' in one line file). (Arnaud)
  • Fixed bug #46366 (bad cwd with / as pathinfo). (Dmitry)
  • Fixed bug #46360 (TCP_NODELAY constant for socket_{get,set}_option). (bugs at trick dot vanstaveren dot us)
  • Fixed bug #46343 (IPv6 address filter accepts invalid address). (Ilia)
  • Fixed bug #46335 (DOMText::splitText doesn't handle multibyte characters). (Rob)
  • Fixed bug #46323 (compilation of simplexml for NetWare breaks). (Patch by [email protected])
  • Fixed bug #46319 (PHP sets default Content-Type header for HTTP 304 response code, in cgi sapi). (Ilia)
  • Fixed bug #46313 (Magic quotes broke $_FILES). (Arnaud)
  • Fixed bug #46308 (Invalid write when changing property from inside getter). (Dmitry)
  • Fixed bug #46292 (PDO::setFetchMode() shouldn't requires the 2nd arg when using FETCH_CLASSTYPE). (Felipe)
  • Fixed bugs #46274, #46249 (pdo_pgsql always fill in NULL for empty BLOB and segfaults when returned by SELECT). (Felipe)
  • Fixed bug #46271 (local_cert option is not resolved to full path). (Ilia)
  • Fixed bug #46247 (ibase_set_event_handler() is allowing to pass callback without event). (Felipe)
  • Fixed bug #46246 (difference between call_user_func(array($this, $method))and $this->$method()). (Dmitry)
  • Fixed bug #46222 (ArrayObject EG(uninitialized_var_ptr) overwrite). (Etienne)
  • Fixed bug #46215 (json_encode mutates its parameter and has some class-specific state). (Felipe)
  • Fixed bug #46206 (pg_query_params/pg_execute convert passed values to strings). (Ilia)
  • Fixed bug #46191 (BC break: DOMDocument saveXML() doesn't accept null). (Rob)
  • Fixed bug #46164 (stream_filter_remove() closes the stream). (Arnaud)
  • Fixed bug #46157 (PDOStatement::fetchObject prototype error). (Felipe)
  • Fixed bug #46147 (after stream seek, appending stream filter reads incorrect data). (Greg)
  • Fixed bug #46139 (PDOStatement->setFetchMode() forgets FETCH_PROPS_LATE). (chsc at peytz dot dk, Felipe)
  • Fixed bug #46127 (php_openssl_tcp_sockop_accept forgets to set context on accepted stream). (Mark Karpeles, Pierre)
  • Fixed bug #46110 (XMLWriter - openmemory() and openuri() leak memory on multiple calls). (Ilia)
  • Fixed bug #46088 (RegexIterator::accept - segfault). (Felipe)
  • Fixed bug #46082 (stream_set_blocking() can cause a crash in some circumstances). (Felipe)
  • Fixed bug #46064 (Exception when creating ReflectionProperty object on dynamicly created property). (Felipe)
  • Fixed bug #46059 (Compile failure under IRIX 6.5.30 building posix.c). (Arnaud)
  • Fixed bug #46053 (SplFileObject::seek - Endless loop). (Arnaud)
  • Fixed bug #46051 (SplFileInfo::openFile - memory overlap). (Arnaud)
  • Fixed bug #46047 (SimpleXML converts empty nodes into object with nested array). (Rob)
  • Fixed bug #46031 (Segfault in AppendIterator::next). (Arnaud)
  • Fixed bug #46029 (Segfault in DOMText when using with Reflection). (Rob)
  • Fixed bug #46026 (bzip2.decompress/zlib.inflate filter tries to decompress after end of stream). (Keisial at gmail dot com, Greg)
  • Fixed bug #46024 (stream_select() doesn't return the correct number).(Arnaud)
  • Fixed bug #46010 (warnings incorrectly generated for iv in ecb mode). (Felipe)
  • Fixed bug #46003 (isset on nonexisting node return unexpected results). (Rob)
  • Fixed bug #45956 (parse_ini_file() does not return false with syntax errors in parsed file). (Jani)
  • Fixed bug #45901 (wddx_serialize_value crash with SimpleXMLElement object).(Rob)
  • Fixed bug #45862 (get_class_vars is inconsistent with 'protected' and 'private' variables). (ilewis at uk dot ibm dot com, Felipe)
  • Fixed bug #45860 (header() function fails to correctly replace all Status lines). (Dmitry)
  • Fixed bug #45805 (Crash on throwing exception from error handler). (Dmitry)
  • Fixed bug #45765 (ReflectionObject with default parameters of self::xxx cause an error). (Felipe)
  • Fixed bug #45751 (Using auto_prepend_file crashes (out of scope stack address use)). (basant dot kukreja at sun dot com)
  • Fixed bug #45722 (mb_check_encoding() crashes). (Moriyoshi)
  • Fixed bug #45705 (rfc822_parse_adrlist() modifies passed address parameter). (Jani)
  • Fixed bug #45691 (Some per-dir or runtime settings may leak into other requests). (Moriyoshi)
  • Fixed bug #45581 (htmlspecialchars() double encoding hex items). (Arnaud)
  • Fixed bug #45580 (levenshtein() crashes with invalid argument). (Ilia)
  • Fixed bug #45575 (Segfault with invalid non-string as event handler callback). (Christian Seiler)
  • Fixed bug #45568 (ISAPI doesn't properly clear auth_digest in header). (Patch by: navara at emclient dot com)
  • Fixed bug #45556 (Return value from callback isn't freed). (Felipe)
  • Fixed bug #45555 (Segfault with invalid non-string as register_introspection_callback). (Christian Seiler)
  • Fixed bug #45553 (Using XPath to return values for attributes with a namespace does not work). (Rob)
  • Fixed bug #45529 (new DateTimeZone() and date_create()->getTimezone() behave different). (Derick)
  • Fixed bug #45522 (FCGI_GET_VALUES request does not return supplied values). (Arnaud)
  • Fixed bug #45486 (mb_send_mail(); header 'Content-Type: text/plain; charset=' parsing incorrect). (Felipe)
  • Fixed bug #45485 (strip_tags and

New in PHP 5.2.6 (October 9th, 2008)

  • Security Fixes
  • Fixed possible stack buffer overflow in FastCGI SAPI. (Andrei Nigmatulin)
  • Properly address incomplete multibyte chars inside escapeshellcmd() (Ilia, Stefan Esser)
  • Fixed security issue detailed in CVE-2008-0599. (Rasmus)
  • Fixed a safe_mode bypass in cURL identified by Maksymilian Arciemowicz. (Ilia)
  • Upgraded PCRE to version 7.6 (Nuno)
  • Fixed two possible crashes inside posix extension (Tony)
  • Fixed incorrect heredoc handling when label is used within the block. (Matt)
  • Fixed sending of uninitialized paddings which may contain some information. (Andrei Nigmatulin)
  • Fixed a bug in formatting timestamps when DST is active in the default timezone (Derick)
  • Fix integer overflow in printf(). (Stas, Maksymilian Aciemowicz)
  • Fixed potential memleak in stream filter parameter for zlib filter. (Greg)
  • Added Reflection API metadata for the methods of the DOM classes. (Sebastian)
  • Fixed weird behavior in CGI parameter parsing. (Dmitry, Hannes Magnusson)
  • Fixed a bug with PDO::FETCH_COLUMN|PDO::FETCH_GROUP mode when a column # by which to group by data is specified. (Ilia)
  • Fixed segfault in filter extension when using callbacks. (Arnar Mar Sig, Felipe)
  • Fixed faulty fix for bug Fixed bug #40189 (endless loop in zlib.inflate stream filter). (Greg)
  • Fixed bug #44742 (timezone_offset_get() causes segmentation faults). (Derick)
  • Fixed bug #44720 (Prevent crash within session_register()). (Scott)
  • Fixed bug #44703 (htmlspecialchars() does not detect bad character set argument). (Andy Wharmby)
  • Fixed bug #44673 (With CGI argv/argc starts from arguments, not from script) (Dmitry)
  • Fixed bug #44667 (proc_open() does not handle pipes with the mode 'wb' correctly). (Jani)
  • Fixed bug #44663 (Crash in imap_mail_compose if "body" parameter invalid). (Ilia)
  • Fixed bug #44650 (escapeshellscmd() does not check arg count). (Ilia)
  • Fixed bug #44613 (Crash inside imap_headerinfo()). (Ilia, jmessa)
  • Fixed bug #44603 (Order issues with Content-Type/Length headers on POST). (Ilia)
  • Fixed bug #44594 (imap_open() does not validate # of retries parameter). (Ilia)
  • Fixed bug #44591 (imagegif's filename parameter). (Felipe)
  • Fixed bug #44557 (Crash in imap_setacl when supplied integer as username) (Thomas Jarosch)
  • Fixed bug #44487 (call_user_method_array issues a warning when throwing an exception). (David Soria Parra)
  • Fixed bug #44478 (Inconsistent behaviour when assigning new nodes). (Rob, Felipe)
  • Fixed bug #44445 (email validator does not handle domains starting/ending with a -). (Ilia)
  • Fixed bug #44440 (st_blocks undefined under BeOS). (Felipe)
  • Fixed bug #44394 (Last two bytes missing from output). (Felipe)
  • Fixed bug #44388 (Crash inside exif_read_data() on invalid images) (Ilia)
  • Fixed bug #44373 (PDO_OCI extension compile failed). (Felipe)
  • Fixed bug #44333 (SEGFAULT when using mysql_pconnect() with client_flags). (Felipe)
  • Fixed bug #44306 (Better detection of MIPS processors on Windows). (Ilia)
  • Fixed bug #44242 (metaphone('CMXFXM') crashes PHP). (Felipe)
  • Fixed bug #44233 (MSG_PEEK undefined under BeOS R5). (jonathonfreeman at gmail dot com, Ilia)
  • Fixed bug #44216 (strftime segfaults on large negative value). (Derick)
  • Fixed bug #44209 (strtotime() doesn't support 64 bit timestamps on 64 bit platforms). (Derick)
  • Fixed bug #44206 (OCI8 selecting ref cursors leads to ORA-1000 maximum open cursors reached). (Oracle Corp.)
  • Fixed bug #44200 (A crash in PDO when no bound targets exists and yet bound parameters are present). (Ilia)
  • Fixed bug #44197 (socket array keys lost on socket_select). (Felipe)
  • Fixed bug #44191 (preg_grep messes up array index). (Felipe)
  • Fixed bug #44189 (PDO setAttribute() does not properly validate values for native numeric options). (Ilia)
  • Fixed bug #44184 (Double free of loop-variable on exception). (Dmitry)
  • Fixed bug #44171 (Invalid FETCH_COLUMN index does not raise an error). (Ilia)
  • Fixed bug #44166 (Parameter handling flaw in PDO::getAvailableDrivers()). (Ilia)
  • Fixed bug #44159 (Crash: $pdo->setAttribute(PDO::STATEMENT_ATTR_CLASS, NULL)). (Felipe)
  • Fixed bug #44152 (Possible crash with syslog logging on ZTS builds). (Ilia)
  • Fixed bug #44141 (private parent constructor callable through static function). (Dmitry)
  • Fixed bug #44113 (OCI8 new collection creation can fail with OCI-22303). (Oracle Corp.)
  • Fixed bug #44069 (Huge memory usage with concatenation using . instead of .=). (Dmitry)
  • Fixed bug #44046 (crash inside array_slice() function with an invalid by-ref offset). (Ilia)
  • Fixed bug #44028 (crash inside stream_socket_enable_crypto() when enabling encryption without crypto type). (Ilia)
  • Fixed bug #44018 (RecursiveDirectoryIterator options inconsistancy). (Marcus)
  • Fixed bug #44008 (OCI8 incorrect usage of OCI-Lob->close crashes PHP). (Oracle Corp.)
  • Fixed bug #43998 (Two error messages returned for incorrect encoding for mb_strto[upper|lower]). (Rui)
  • Fixed bug #43994 (mb_ereg 'successfully' matching incorrect). (Rui)
  • Fixed bug #43954 (Memory leak when sending the same HTTP status code multiple times). (Scott)
  • Fixed bug #43927 (koi8r is missing from html_entity_decode()). (andy at demos dot su, Tony)
  • Fixed bug #43912 (Interbase column names are truncated to 31 characters). (Ilia)
  • Fixed bug #43875 (Two error messages returned for $new and $flag argument in mysql_connect()). (Hannes)
  • Fixed bug #43863 (str_word_count() breaks on cyrillic "ya" in locale cp1251). (phprus at gmail dot com, Tony)
  • Fixed bug #43841 (mb_strrpos offset is byte count for negative values). (Rui)
  • Fixed bug #43840 (mb_strpos bounds check is byte count rather than a character count). (Rui)
  • Fixed bug #43808 (date_create never fails (even when it should)). (Derick)
  • Fixed bug #43793 (zlib filter is unable to auto-detect gzip/zlib file headers). (Greg)
  • Fixed bug #43703 (Signature compatibility check broken). (Dmitry)
  • Fixed bug #43677 (Inconsistent behaviour of include_path set with php_value). (manuel at mausz dot at)
  • Fixed bug #43663 (Extending PDO class with a __call() function doesn't work). (David Soria Parra)
  • Fixed bug #43647 (Make FindFile use PATH_SEPARATOR instead of ";"). (Ilia)
  • Fixed bug #43635 (mysql extension ingores INI settings on NULL values passed to mysql_connect()). (Ilia)
  • Fixed bug #43620 (Workaround for a bug inside libcurl 7.16.2 that can result in a crash). (Ilia)
  • Fixed bug #43614 (incorrect processing of numerical string keys of array in arbitrary serialized data). (Dmitriy Buldakov, Felipe)
  • Fixed bug #43606 (define missing depencies of the exif extension). (crrodriguez at suse dot de)
  • Fixed bug #43589 (a possible infinite loop in bz2_filter.c). (Greg)
  • Fixed bug #43580 (removed bogus declaration of a non-existent php_is_url() function). (Ilia)
  • Fixed bug #43559 (array_merge_recursive() doesn't behave as expected with duplicate NULL values). (Felipe, Tony)
  • Fixed bug #43533 (escapeshellarg('') returns null). (Ilia)
  • Fixed bug #43527 (DateTime created from a timestamp reports environment timezone). (Derick)
  • Fixed bug #43522 (stream_get_line() eats additional characters). (Felipe, Ilia, Tony)
  • Fixed bug #43507 (SOAPFault HTTP Status 500 - would like to be able to set the HTTP Status). (Dmitry)
  • Fixed bug #43505 (Assign by reference bug). (Dmitry)
  • Fixed bug #43498 (file_exists() on a proftpd server got SIZE not allowed in ASCII mode). (Ilia, crrodriguez at suse dot de)
  • Fixed bug #43497 (OCI8 XML/getClobVal aka temporary LOBs leak UGA memory). (Chris)
  • Fixed bug #43495 (array_merge_recursive() crashes with recursive arrays). (Ilia)
  • Fixed bug #43493 (pdo_pgsql does not send username on connect when password is not available). (Ilia)
  • Fixed bug #43491 (Under certain conditions, file_exists() never returns). (Dmitry)
  • Fixed bug #43483 (get_class_methods() does not list all visible methods). (Dmitry)
  • Fixed bug #43482 (array_pad() does not warn on very small pad numbers). (Ilia)
  • Fixed bug #43457 (Prepared statement with incorrect parms doesn't throw exception with pdo_pgsql driver). (Ilia)
  • Fixed bug #43450 (Memory leak on some functions with implicit object __toString() call). (David C.)
  • Fixed bug #43386 (array_globals not reset to 0 properly on init). (Ilia)
  • Fixed bug #43377 (PHP crashes with invalid argument for DateTimeZone). (Ilia)
  • Fixed bug #43373 (pcntl_fork() should not raise E_ERROR on error). (Ilia)
  • Fixed bug #43364 (recursive xincludes don't remove internal xml nodes properly). (Rob, patch from [email protected])
  • Fixed bug #43301 (mb_ereg*_replace() crashes when replacement string is invalid PHP expression and 'e' option is used). (Jani)
  • Fixed bug #43295 (crash because of uninitialized SG(sapi_headers).mimetype). (Dmitry)
  • Fixed bug #43293 (Multiple segfaults in getopt()). (Hannes)
  • Fixed bug #43279 (pg_send_query_params() converts all elements in 'params' to strings). (Ilia)
  • Fixed bug #43276 (Incomplete fix for bug #42739, mkdir() under safe_mode). (Ilia)
  • Fixed bug #43248 (backward compatibility break in realpath()). (Dmitry)
  • Fixed bug #43221 (SimpleXML adding default namespace in addAttribute). (Rob)
  • Fixed bug #43216 (stream_is_local() returns false on "file://"). (Dmitry)
  • Fixed bug #43201 (Crash on using uninitialized vals and __get/__set). (Dmitry)
  • Fixed bug #43182 (file_put_contents() LOCK_EX does not work properly on file truncation). (Ilia)
  • Fixed bug #43175 (__destruct() throwing an exception with __call() causes segfault). (Dmitry)
  • Fixed bug #43128 (Very long class name causes segfault). (Dmitry)
  • Fixed bug #43105 (PHP seems to fail to close open files). (Hannes)
  • Fixed bug #43092 (curl_copy_handle() crashes with > 32 chars long URL). (Jani)
  • Fixed bug #43003 (Invalid timezone reported for DateTime objects constructed using a timestamp). (Derick)
  • Fixed bug #42978 (mismatch between number of bound params and values causes a crash in pdo_pgsql). (Ilia)
  • Fixed bug #42945 (preg_split() swallows part of the string). (Nuno)
  • Fixed bug #42937 (__call() method not invoked when methods are called on parent from child class). (Dmitry)
  • Fixed bug #42841 (REF CURSOR and oci_new_cursor() crash PHP). (Chris)
  • Fixed bug #42838 (Wrong results in array_diff_uassoc) (Felipe)
  • Fixed bug #42779 (Incorrect forcing from HTTP/1.0 request to HTTP/1.1 response). (Ilia)
  • Fixed bug #42736 (xmlrpc_server_call_method() crashes). (Tony)
  • Fixed bug #42692 (Procedure 'int1' not present with doc/lit SoapServer). (Dmitry)
  • Fixed bug #42548 (mysqli PROCEDURE calls can't return result sets). (Hartmut)
  • Fixed bug #42505 (new sendmail default breaks on Netware platform) (Guenter Knauf)
  • Fixed bug #42369 (Implicit conversion to string leaks memory). (David C., Rob).
  • Fixed bug #42272 (var_export() incorrectly escapes char(0)). (Derick)
  • Fixed bug #42261 (Incorrect lengths for date and boolean data types). (Ilia)
  • Fixed bug #42190 (Constructing DateTime with TimeZone Indicator invalidates DateTimeZone). (Derick)
  • Fixed bug #42177 (Warning "array_merge_recursive(): recursion detected" comes again...). (Felipe)
  • Fixed bug #41941 (oci8 extension not lib64 savvy). (Chris)
  • Fixed bug #41828 (Failing to call RecursiveIteratorIterator::__construct() causes a sefault). (Etienne)
  • Fixed bug #41599 (setTime() fails after modify() is used). (Derick)
  • Fixed bug #41562 (SimpleXML memory issue). (Rob)
  • Fixed bug #40013 (php_uname() does not return nodename on Netware (Guenter Knauf)
  • Fixed bug #38468 (Unexpected creation of cycle). (Dmitry)
  • Fixed bug #32979 (OpenSSL stream->fd casts broken in 64-bit build) (stotty at tvnet dot hu)