Die Entwickler von PHP haben vor wenigen Tagen die PHP Versionen 8.4.1, 8.3.14, 8.2.26 und 8.1.31 veröffentlicht. Alle Releases sind Updates die Fehler korrigieren und Sicherheitslücken schließen und sollten umgehend installiert werden. Eine Besonderheit ist das Release 8.4.1, dass gleichzeitig den neuen PHP Zweig 8.4 einläutet.
PHP 8.4.1 Release Notes
- BcMath:
- [RFC] Add bcfloor, bcceil and bcround to BCMath.
- Improve performance.
- Adjust bcround()’s $mode parameter to only accept the RoundingMode enum.
- Fixed LONG_MAX in BCMath ext.
- Fixed bcdiv() div by one.
- [RFC] Support object types in BCMath.
- bcpow() performance improvement.
- ext/bcmath: Check for scale overflow.
- [RFC] ext/bcmath: Added bcdivmod.
- Fix GH-15968 (Avoid converting objects to strings in operator calculations).
- Fixed bug GH-16265 (Added early return case when result is 0) (Saki Takamachi).
- Fixed bug GH-16262 (Fixed a bug where size_t underflows) (Saki Takamachi).
- Fixed GH-16236 (Fixed a bug in BcMath\Number::pow() and bcpow() when raising negative powers of 0) (Saki Takamachi).
- Core:
- Added zend_call_stack_get implementation for NetBSD, DragonFlyBSD, Solaris and Haiku.
- Enabled ifunc checks on FreeBSD from the 12.x releases.
- Changed the type of PHP_DEBUG and PHP_ZTS constants to bool.
- Fixed bug GH-13142 (Undefined variable name is shortened when contains \0).
- Fixed bug GH-13178 (Iterator positions incorrect when converting packed array to hashed).
- Fixed zend fiber build for solaris default mode (32 bits).
- Fixed zend call stack size for macOs/arm64.
- Added support for Zend Max Execution Timers on FreeBSD.
- Ensure fiber stack is not backed by THP.
- Implement GH-13609 (Dump wrapped object in WeakReference class).
- Added sparc64 arch assembly support for zend fiber.
- Fixed GH-13581 no space available for TLS on NetBSD.
- Added fiber Sys-V loongarch64 support.
- Adjusted closure names to include the parent function’s name.
- Improve randomness of uploaded file names and files created by tempnam().
- Added gc and shutdown callbacks to zend_mm custom handlers.
- Fixed bug GH-14650 (Compute the size of pages before allocating memory).
- Fixed bug GH-11928 (The –enable-re2c-cgoto doesn’t add the -g flag).
- Added the #[\Deprecated] attribute.
- Fixed GH-11389 (Allow suspending fibers in destructors).
- Fixed bug GH-14801 (Fix build for armv7).
- Implemented property hooks RFC.
- Fix GH-14978 (The xmlreader extension phpize build).
- Throw Error exception when encountering recursion during comparison, rather than fatal error.
- Added missing cstddef include for C++ builds.
- Updated build system scripts config.guess to 2024-07-27 and config.sub to 2024-05-27.
- Fixed bug GH-15240 (Infinite recursion in trait hook).
- Fixed bug GH-15140 (Missing variance check for abstract set with asymmetric type).
- Fixed bug GH-15181 (Disabled output handler is flushed again).
- Passing E_USER_ERROR to trigger_error() is now deprecated.
- Fixed bug GH-15292 (Dynamic AVX detection is broken for MSVC).
- Using „_“ as a class name is now deprecated.
- Exiting a namespace now clears seen symbols.
- The exit (and die) language constructs now behave more like a function. They can be passed liked callables, are affected by the strict_types declare statement, and now perform the usual type coercions instead of casting any non-integer value to a string. As such, passing invalid types to exit/die may now result in a TypeError being thrown.
- Fixed bug GH-15438 (Hooks on constructor promoted properties without visibility are ignored).
- Fixed bug GH-15419 (Missing readonly+hook incompatibility check for readonly classes).
- Fixed bug GH-15187 (Various hooked object iterator issues).
- Fixed bug GH-15456 (Crash in get_class_vars() on virtual properties).
- Fixed bug GH-15501 (Windows HAVE_<header>_H macros defined to 1 or undefined).
- Implemented asymmetric visibility for properties.
- Fixed bug GH-15644 (Asymmetric visibility doesn’t work with hooks).
- Implemented lazy objects RFC.
- Fixed bug GH-15686 (Building shared iconv with external iconv library).
- Fixed missing error when adding asymmetric visibility to unilateral virtual property.
- Fixed bug GH-15693 (Unnecessary include in main.c bloats binary).
- Fixed bug GH-15731 (AllowDynamicProperties validation should error on enums).
- Fixed bug GH-16040 (Use-after-free of object released in hook).
- Fixed bug GH-16026 (Reuse of dtor fiber during shutdown).
- Fixed bug GH-15999 (zend_std_write_property() assertion failure with lazy objects).
- Fixed bug GH-15960 (Foreach edge cases with lazy objects).
- Fixed bug GH-16185 (Various hooked object iterator issues).
- Fixed bug OSS-Fuzz #371445205 (Heap-use-after-free in attr_free).
- Fixed missing error when adding asymmetric visibility to static properties.
- Fixed bug OSS-Fuzz #71407 (Null-dereference WRITE in zend_lazy_object_clone).
- Fixed bug GH-16574 (Incorrect error „undefined method“ messages).
- Fixed bug GH-16577 (EG(strtod_state).freelist leaks with opcache.preload).
- Fixed bug GH-16615 (Assertion failure in zend_std_read_property).
- Fixed bug GH-16342 (Added ReflectionProperty::isLazy()).
- Fixed bug GH-16725 (Incorrect access check for non-hooked props in hooked object iterator).
- Curl:
- Deprecated the CURLOPT_BINARYTRANSFER constant.
- Bumped required libcurl version to 7.61.0.
- Added feature_list key to the curl_version() return value.
- Added constants CURL_HTTP_VERSION_3 (libcurl 7.66) and CURL_HTTP_VERSION_3ONLY (libcurl 7.88) as options for CURLOPT_HTTP_VERSION (Ayesh Karunaratne)
- Added CURLOPT_TCP_KEEPCNT to set the number of probes to send before dropping the connection.
- Added CURLOPT_PREREQFUNCTION Curl option to set a custom callback after the connection is established, but before the request is performed.
- Added CURLOPT_SERVER_RESPONSE_TIMEOUT, which was formerly known as CURLOPT_FTP_RESPONSE_TIMEOUT.
- The CURLOPT_DNS_USE_GLOBAL_CACHE option is now silently ignored.
- Added CURLOPT_DEBUGFUNCTION as a Curl option.
- Fixed bug GH-16359 (crash with curl_setopt* CURLOPT_WRITEFUNCTION without null callback).
- Fixed bug GH-16723 (CURLMOPT_PUSHFUNCTION issues).
- Date:
- Added DateTime[Immutable]::createFromTimestamp.
- Added DateTime[Immutable]::[get|set]Microsecond.
- Constants SUNFUNCS_RET_TIMESTAMP, SUNFUNCS_RET_STRING, and SUNFUNCS_RET_DOUBLE are now deprecated.
- Fixed bug GH-13773 (DatePeriod not taking into account microseconds for end date).
- DBA:
- Passing null or false to dba_key_split() is deprecated.
- Debugging:
- Fixed bug GH-15923 (GDB: Python Exception <class ‚TypeError’>: exceptions must derive from BaseException).
- DOM:
- Added DOMNode::compareDocumentPosition().
- Implement #53655 (Improve speed of DOMNode::C14N() on large XML documents).
- Fix cloning attribute with namespace disappearing namespace.
- Implement DOM HTML5 parsing and serialization RFC.
- Fix DOMElement->prefix with empty string creates bogus prefix.
- Handle OOM more consistently.
- Implemented „Improve callbacks in ext/dom and ext/xsl“ RFC.
- Added DOMXPath::quote() static method.
- Implemented opt-in ext/dom spec compliance RFC.
- Fixed bug #79701 (getElementById does not correctly work with duplicate definitions).
- Implemented „New ext-dom features in PHP 8.4“ RFC.
- Fixed GH-14698 (segfault on DOM node dereference).
- Improve support for template elements.
- Fix trampoline leak in xpath callables.
- Throw instead of silently failing when creating a too long text node in (DOM)ParentNode and (DOM)ChildNode.
- Fixed bug GH-15192 (Segmentation fault in dom extension (html5_serializer)).
- Deprecated DOM_PHP_ERR constant.
- Removed DOMImplementation::getFeature().
- Fixed bug GH-15331 (Element::$substitutedNodeValue test failed).
- Fixed bug GH-15570 (Segmentation fault (access null pointer) in ext/dom/html5_serializer.c).
- Fixed bug GH-13988 (Storing DOMElement consume 4 times more memory in PHP 8.1 than in PHP 8.0).
- Fix XML serializer errata: xmlns=““ serialization should be allowed.
- Fixed bug GH-15910 (Assertion failure in ext/dom/element.c).
- Fix unsetting DOM properties.
- Fixed bug GH-16190 (Using reflection to call Dom\Node::__construct causes assertion failure).
- Fix edge-case in DOM parsing decoding.
- Fixed bug GH-16465 (Heap buffer overflow in DOMNode->getElementByTagName).
- Fixed bug GH-16594 (Assertion failure in DOM -> before).
- Fileinfo:
- Update to libmagic 5.45.
- Fixed bug #65106 (PHP fails to compile ext/fileinfo).
- FPM:
- Implement GH-12385 (flush headers without body when calling flush()).
- Added DragonFlyBSD system to the list which set FPM_BACKLOG_DEFAULT to SOMAXCONN.
- /dev/poll events.mechanism for Solaris/Illumos setting had been retired.
- Added memory peak to the scoreboard / status page.
- FTP:
- Removed the deprecated inet_ntoa call support.
- Fixed bug #63937 (Upload speed 10 times slower with PHP).
- GD:
- Fix parameter numbers and missing alpha check for imagecolorset().
- imagepng/imagejpeg/imagewep/imageavif now throw an exception on invalid quality parameter.
- Check overflow/underflow for imagescale/imagefilter.
- Added gdImageClone to bundled libgd.
- Gettext:
- bind_textdomain_codeset, textdomain and d(*)gettext functions now throw an exception on empty domain.
- GMP:
- The GMP class is now final and cannot be extended anymore.
- RFC: Change GMP bool cast behavior.
- Hash:
- Changed return type of hash_update() to true.
- Added HashContext::__debugInfo().
- Deprecated passing incorrect data types for options to ext/hash functions.
- Added SSE2 and SHA-NI implementation of SHA-256.
- Fix GH-15384 (Build fails on Alpine / Musl for amd64).
- Fixed bug GH-15742 (php_hash_sha.h incompatible with C++).
- IMAP:
- Moved to PECL.
- Intl:
- Added IntlDateFormatter::PATTERN constant.
- Fixed Numberformatter::__construct when the locale is invalid, now throws an exception.
- Added NumberFormatter::ROUND_TOWARD_ZERO and ::ROUND_AWAY_FROM_ZERO as aliases for ::ROUND_DOWN and ::ROUND_UP.
- Added NumberFormatter::ROUND_HALFODD.
- Added PROPERTY_IDS_UNARY_OPERATOR, PROPERTY_ID_COMPAT_MATH_START and PROPERTY_ID_COMPAT_MATH_CONTINUE constants.
- Added IntlDateFormatter::getIanaID/intltz_get_iana_id method/function.
- Set to C++17 standard for icu 74 and onwards.
- resourcebundle_get(), ResourceBundle::get(), and accessing offsets on a ResourceBundle object now throw: – TypeError for invalid offset types – ValueError for an empty string – ValueError if the integer index does not fit in a signed 32 bit integer
- ResourceBundle::get() now has a tentative return type of: ResourceBundle|array|string|int|null
- Added the new Grapheme function grapheme_str_split.
- Added IntlDateFormatter::parseToCalendar.
- Added SpoofChecker::setAllowedChars to set unicode chars ranges.
- LDAP:
- Added LDAP_OPT_X_TLS_PROTOCOL_MAX/LDAP_OPT_X_TLS_PROTOCOL_TLS1_3 constants.
- LibXML:
- Added LIBXML_RECOVER constant.
- libxml_set_streams_context() now throws immediately on an invalid context instead of at the use-site.
- Added LIBXML_NO_XXE constant.
- MBString:
- Added mb_trim, mb_ltrim and mb_rtrim.
- Added mb_ucfirst and mb_lcfirst.
- Updated Unicode data tables to Unicode 15.1.
- Fixed bug GH-15824 (mb_detect_encoding(): Argument $encodings contains invalid encoding „UTF8“).
- Updated Unicode data tables to Unicode 16.0.
- Mysqli:
- The mysqli_ping() function and mysqli::ping() method are now deprecated, as the reconnect feature was removed in PHP 8.2.
- The mysqli_kill() function and mysqli::kill() method are now deprecated. If this functionality is needed a SQL „KILL“ command can be used instead.
- The mysqli_refresh() function and mysqli::refresh() method are now deprecated. If this functionality is needed a SQL „FLUSH“ command can be used instead.
- Passing explicitly the $mode parameter to mysqli_store_result() has been deprecated. As the MYSQLI_STORE_RESULT_COPY_DATA constant was only used in conjunction with this function it has also been deprecated.
- MySQLnd:
- Opcache:
- Added large shared segments support for FreeBSD.
- If JIT is enabled, PHP will now exit with a fatal error on startup in case of JIT startup initialization issues.
- Increased the maximum value of opcache.interned_strings_buffer to 32767 on 64bit archs.
- Fixed bug GH-13834 (Applying non-zero offset 36 to null pointer in zend_jit.c).
- Fixed bug GH-14361 (Deep recursion in zend_cfg.c causes segfault).
- Fixed bug GH-14873 (PHP 8.4 min function fails on typed integer).
- Fixed bug GH-15490 (Building of callgraph modifies preloaded symbols).
- Fixed bug GH-15178 (Assertion in tracing JIT on hooks).
- Fixed bug GH-15657 (Segmentation fault in dasm_x86.h).
- Added opcache_jit_blacklist() function.
- Fixed bug GH-16009 (Segmentation fault with frameless functions and undefined CVs).
- Fixed bug GH-16186 (Assertion failure in Zend/zend_operators.c).
- Fixed bug GH-16572 (Incorrect result with reflection in low-trigger JIT).
- Fixed GH-16839 (Error on building Opcache JIT for Windows ARM64).
- OpenSSL:
- Fixed bug #80269 (OpenSSL sets Subject wrong with extraattribs parameter).
- Implement request #48520 (openssl_csr_new – allow multiple values in DN).
- Introduced new serial_hex parameter to openssl_csr_sign.
- Added X509_PURPOSE_OCSP_HELPER and X509_PURPOSE_TIMESTAMP_SIGN constants.
- Bumped minimum required OpenSSL version to 1.1.1.
- Added compile-time option –with-openssl-legacy-provider to enable legacy provider.
- Added support for Curve25519 + Curve448 based keys.
- Fixed bug GH-13343 (openssl_x509_parse should not allow omitted seconds in UTCTimes).
- Bumped minimum required OpenSSL version to 1.1.0.
- Implement GH-13514 PASSWORD_ARGON2 from OpenSSL 3.2.
- Output:
- Clear output handler status flags during handler initialization.
- Fixed bug with url_rewriter.hosts not used by output_add_rewrite_var().
- PCNTL:
- Added pcntl_setns for Linux.
- Added pcntl_getcpuaffinity/pcntl_setcpuaffinity.
- Updated pcntl_get_signal_handler signal id upper limit to be more in line with platforms limits.
- Added pcntl_getcpu for Linux/FreeBSD/Solaris/Illumos.
- Added pcntl_getqos_class/pcntl_setqos_class for macOs.
- Added SIGCKPT/SIGCKPTEXIT constants for DragonFlyBSD.
- Added FreeBSD’s SIGTRAP handling to pcntl_siginfo_to_zval.
- Added POSIX pcntl_waitid.
- Fixed bug GH-16769: (pcntl_sigwaitinfo aborts on signal value as reference).
- PCRE:
- Upgrade bundled pcre2lib to version 10.43.
- Add „/r“ modifier.
- Upgrade bundled pcre2lib to version 10.44.
- Fixed GH-16189 (underflow on offset argument).
- Fix UAF issues with PCRE after request shutdown.
- PDO:
- Fixed setAttribute and getAttribute.
- Implemented PDO driver-specific subclasses RFC.
- Added support for PDO driver-specific SQL parsers.
- Fixed bug GH-14792 (Compilation failure on pdo_* extensions).
- mysqlnd: support ER_CLIENT_INTERACTION_TIMEOUT.
- The internal header php_pdo_int.h is no longer installed; it is not supposed to be used by PDO drivers.
- Fixed bug GH-16167 (Prevent mixing PDO sub-classes with different DSN).
- Fixed bug GH-16314 („Pdo\Mysql object is uninitialized“ when opening a persistent connection).
- PDO_DBLIB:
- Fixed setAttribute and getAttribute.
- Added class Pdo\DbLib.
- PDO_Firebird:
- Fixed setAttribute and getAttribute.
- Feature: Add transaction isolation level and mode settings to pdo_firebird.
- Added class Pdo\Firebird.
- Added Pdo\Firebird::ATTR_API_VERSION.
- Added getApiVersion() and removed from getAttribute().
- Supported Firebird 4.0 datatypes.
- Support proper formatting of time zone types.
- Fixed GH-15604 (Always make input parameters nullable).
- PDO_MYSQL:
- Fixed setAttribute and getAttribute.
- Added class Pdo\Mysql.
- Added custom SQL parser.
- Fixed GH-15949 (PDO_MySQL not properly quoting PDO_PARAM_LOB binary data).
- PDO_ODBC:
- Added class Pdo\Odbc.
- PDO_PGSQL:
- Fixed GH-12423, DSN credentials being prioritized over the user/password PDO constructor arguments.
- Fixed native float support with pdo_pgsql query results.
- Added class Pdo\Pgsql.
- Retrieve the memory usage of the query result resource.
- Added Pdo\Pgsql::setNoticeCallBack method to receive DB notices.
- Added custom SQL parser.
- Fixed GH-15986 (Double-free due to Pdo\Pgsql::setNoticeCallback()).
- Fixed GH-12940 (Using PQclosePrepared when available instead of the DEALLOCATE command to free statements resources).
- Remove PGSQL_ATTR_RESULT_MEMORY_SIZE constant as it is provided by the new PDO Subclass as Pdo\Pgsql::ATTR_RESULT_MEMORY_SIZE.
- PDO_SQLITE:
- Added class Pdo\Sqlite.
- Fixed bug #81227 (PDO::inTransaction reports false when in transaction).
- Added custom SQL parser.
- PHPDBG:
- array out of bounds, stack overflow handled for segfault handler on windows.
- Fixed bug GH-16041 (Support stack limit in phpdbg).
- PGSQL:
- Added the possibility to have no conditions for pg_select.
- Persistent connections support the PGSQL_CONNECT_FORCE_RENEW flag.
- Added pg_result_memory_size to get the query result memory usage.
- Added pg_change_password to alter an user’s password.
- Added pg_put_copy_data/pg_put_copy_end to send COPY commands and signal the end of the COPY.
- Added pg_socket_poll to poll on the connection.
- Added pg_jit to get infos on server JIT support.
- Added pg_set_chunked_rows_size to fetch results per chunk.
- pg_convert/pg_insert/pg_update/pg_delete ; regexes are now cached.
- Phar:
- Fixed bug GH-12532 (PharData created from zip has incorrect timestamp).
- POSIX:
- Added POSIX_SC_CHILD_MAX and POSIX_SC_CLK_TCK constants.
- Updated posix_isatty to set the error number on file descriptors.
- PSpell:
- Moved to PECL.
- Random:
- Fixed bug GH-15094 (php_random_default_engine() is not C++ conforming).
- lcg_value() is now deprecated.
- Readline:
- Fixed readline_info, rl_line_buffer_length/rl_len globals on update.
- Fixed bug #51558 (Shared readline build fails).
- Fixed UAF with readline_info().
- Reflection:
- Implement GH-12908 (Show attribute name/class in ReflectionAttribute dump).
- Make ReflectionGenerator::getFunction() legal after generator termination.
- Added ReflectionGenerator::isClosed().
- Fixed bug GH-15718 (Segfault on ReflectionProperty::get{Hook,Hooks}() on dynamic properties).
- Fixed bug GH-15694 (ReflectionProperty::isInitialized() is incorrect for hooked properties).
- Add missing ReflectionProperty::hasHook[s]() methods.
- Add missing ReflectionProperty::isFinal() method.
- Fixed bug GH-16122 (The return value of ReflectionFunction::getNamespaceName() and ReflectionFunction::inNamespace() for closures is incorrect).
- Fixed bug GH-16162 (No ReflectionProperty::IS_VIRTUAL) (DanielEScherzer)
- Fixed the name of the second parameter of ReflectionClass::resetAsLazyGhost().
- Session:
- INI settings session.sid_length and session.sid_bits_per_character are now deprecated.
- Emit warnings for non-positive values of session.gc_divisor and negative values of session.gc_probability.
- Fixed bug GH-16590 (UAF in session_encode()).
- SimpleXML:
- Fix signature of simplexml_import_dom().
- SNMP:
- Removed the deprecated inet_ntoa call support.
- SOAP:
- Add support for clark notation for namespaces in class map.
- Mitigate #51561 (SoapServer with a extented class and using sessions, lost the setPersistence()).
- Fixed bug #49278 (SoapClient::__getLastResponseHeaders returns NULL if wsdl operation !has output).
- Fixed bug #44383 (PHP DateTime not converted to xsd:datetime).
- Fixed bug GH-11941 (soap with session persistence will silently fail when „session“ built as a shared object).
- Passing an int to SoapServer::addFunction() is now deprecated. If all PHP functions need to be provided flatten the array returned by get_defined_functions().
- The SOAP_FUNCTIONS_ALL constant is now deprecated.
- Fixed bug #61525 (SOAP functions require at least one space after HTTP header colon).
- Implement request #47317 (SoapServer::__getLastResponse()).
- Sockets:
- Removed the deprecated inet_ntoa call support.
- Added the SO_EXECLUSIVEADDRUSE windows constant.
- Added the SOCK_CONN_DGRAM/SOCK_DCCP netbsd constants.
- Added multicast group support for ipv4 on FreeBSD.
- Added the TCP_SYNCNT constant for Linux to set number of attempts to send SYN packets from the client.
- Added the SO_EXCLBIND constant for exclusive socket binding on illumos/solaris.
- Updated the socket_create_listen backlog argument default value to SOMAXCONN.
- Added the SO_NOSIGPIPE constant to control the generation of SIGPIPE for macOs and FreeBSD.
- Added SO_LINGER_SEC for macOs, true equivalent of SO_LINGER in other platforms.
- Add close-on-exec on socket created with socket_accept on unixes.
- Added IP_PORTRANGE* constants for BSD systems to control ephemeral port ranges.
- Added SOCK_NONBLOCK/SOCK_CLOEXEC constants for socket_create and socket_create_pair to apply O_NONBLOCK/O_CLOEXEC flags to the newly created sockets.
- Added SO_BINDTOIFINDEX to bind a socket to an interface index.
- Sodium:
- Add support for AEGIS-128L and AEGIS-256.
- Enable AES-GCM on aarch64 with the ARM crypto extensions.
- SPL:
- Implement SeekableIterator for SplObjectStorage.
- The SplFixedArray::__wakeup() method has been deprecated as it implements __serialize() and __unserialize() which need to be overwritten instead.
- Passing a non-empty string for the $escape parameter of: – SplFileObject::setCsvControl() – SplFileObject::fputcsv() – SplFileObject::fgetcsv() is now deprecated.
- Standard:
- Implement GH-12188 (Indication for the int size in phpinfo()).
- Partly fix GH-12143 (Incorrect round() result for 0.49999999999999994).
- Fix GH-12252 (round(): Validate the rounding mode).
- Increase the default BCrypt cost to 12.
- Fixed bug GH-12592 (strcspn() odd behaviour with NUL bytes and empty mask).
- Removed the deprecated inet_ntoa call support.
- Cast large floats that are within int range to int in number_format so the precision is not lost.
- Add support for 4 new rounding modes to the round() function.
- debug_zval_dump() now indicates whether an array is packed.
- Fix GH-12143 (Optimize round).
- Changed return type of long2ip to string from string|false.
- Fix GH-12143 (Extend the maximum precision round can handle by one digit).
- Added the http_get_last_response_headers() and http_clear_last_response_headers() that allows retrieving the same content as the magic $http_response_header variable.
- Add php_base64_encode_ex() API.
- Implemented „Raising zero to the power of negative number“ RFC.
- Added array_find(), array_find_key(), array_all(), and array_any().
- Change highlight_string() and print_r() return type to string|true.
- Fix references in request_parse_body() options array.
- Add RoundingMode enum.
- Unserializing the uppercase ‚S‘ tag is now deprecated.
- Enables crc32 auxiliary detection on OpenBSD.
- Passing a non-empty string for the $escape parameter of: – fputcsv() – fgetcsv() – str_getcsv() is now deprecated.
- The str_getcsv() function now throws ValueErrors when the $separator and $enclosure arguments are not one byte long, or if the $escape is not one byte long or the empty string. This aligns the behaviour to be identical to that of fputcsv() and fgetcsv().
- php_uname() now throws ValueErrors on invalid inputs.
- The „allowed_classes“ option for unserialize() now throws TypeErrors and ValueErrors if it is not an array of class names.
- Implemented GH-15685 (improve proc_open error reporting on Windows).
- Add support for backed enums in http_build_query().
- Fixed bug GH-15982 (Assertion failure with array_find when references are involved).
- Fixed parameter names of fpow() to be identical to pow().
- Streams:
- Implemented GH-15155 (Stream context is lost when custom stream wrapper is being filtered).
- Tidy:
- Failures in the constructor now throw exceptions rather than emitting warnings and having a broken object.
- Add tidyNode::getNextSibling() and tidyNode::getPreviousSibling().
- Windows:
- Update the icon of the Windows executables, e.g. php.exe.
- Fixed bug GH-16199 (GREP_HEADER() is broken).
- XML:
- Added XML_OPTION_PARSE_HUGE parser option.
- Fixed bug #81481 (xml_get_current_byte_index limited to 32-bit numbers on 64-bit builds).
- The xml_set_object() function has been deprecated.
- Passing non-callable strings to the xml_set_*_handler() functions is now deprecated.
- XMLReader:
- Declares class constant types.
- Add XMLReader::fromStream(), XMLReader::fromUri(), XMLReader::fromString().
- Fixed bug GH-15123 (var_dump doesn’t actually work on XMLReader).
- XMLWriter:
- Add XMLWriter::toStream(), XMLWriter::toUri(), XMLWriter::toMemory().
- XSL:
- Implement request #64137 (XSLTProcessor::setParameter() should allow both quotes to be used).
- Implemented „Improve callbacks in ext/dom and ext/xsl“ RFC.
- Added XSLTProcessor::$maxTemplateDepth and XSLTProcessor::$maxTemplateVars.
- Fix trampoline leak in xpath callables.
- Zip:
- Added ZipArchive::ER_TRUNCATED_ZIP added in libzip 1.11.
PHP 8.3.14 Release Notes
- CLI:
- Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server started through shebang).
- Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface).
- COM:
- Fixed out of bound writes to SafeArray data.
- Core:
- Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled with Xcode 16 clang on macOS 15).
- Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646).
- Fixed bug GH-16515 (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline).
- Fixed bug GH-16509 (Incorrect line number in function redeclaration error).
- Fixed bug GH-16508 (Incorrect line number in inheritance errors of delayed early bound classes).
- Fixed bug GH-16648 (Use-after-free during array sorting).
- Curl:
- Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if curl_multi_add_handle fails).
- Date:
- DBA:
- Fixed bug GH-16390 (dba_open() can segfault for „pathless“ streams).
- DOM:
- Fixed bug GH-16316 (DOMXPath breaks when not initialized properly).
- Add missing hierarchy checks to replaceChild.
- Fixed bug GH-16336 (Attribute intern document mismanagement).
- Fixed bug GH-16338 (Null-dereference in ext/dom/node.c).
- Fixed bug GH-16473 (dom_import_simplexml stub is wrong).
- Fixed bug GH-16533 (Segfault when adding attribute to parent that is not an element).
- Fixed bug GH-16535 (UAF when using document as a child).
- Fixed bug GH-16593 (Assertion failure in DOM->replaceChild).
- Fixed bug GH-16595 (Another UAF in DOM -> cloneNode).
- EXIF:
- Fixed bug GH-16409 (Segfault in exif_thumbnail when not dealing with a real file).
- FFI:
- Fixed bug GH-16397 (Segmentation fault when comparing FFI object).
- Filter:
- Fixed bug GH-16523 (FILTER_FLAG_HOSTNAME accepts ending hyphen).
- FPM:
- Fixed bug GH-16628 (FPM logs are getting corrupted with this log statement).
- GD:
- GMP:
- Fixed floating point exception bug with gmp_pow when using large exposant values. (David Carlier).
- Fixed bug GH-16411 (gmp_export() can cause overflow).
- Fixed bug GH-16501 (gmp_random_bits() can cause overflow).
- Fixed gmp_pow() overflow bug with large base/exponents.
- Fixed segfaults and other issues related to operator overloading with GMP objects.
- LDAP:
- Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932)
- MBstring:
- Fixed bug GH-16361 (mb_substr overflow on start/length arguments).
- MySQLnd:
- Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)
- Opcache:
- Fixed bug GH-16408 (Array to string conversion warning emitted in optimizer).
- OpenSSL:
- PDO DBLIB:
- Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236)
- PDO Firebird:
- Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236)
- PDO ODBC:
- Fixed bug GH-16450 (PDO_ODBC can inject garbage into field values).
- Phar:
- Fixed bug GH-16406 (Assertion failure in ext/phar/phar.c:2808).
- PHPDBG:
- Fixed bug GH-16174 (Empty string is an invalid expression for ev).
- Reflection:
- Fixed bug GH-16601 (Memory leak in Reflection constructors).
- Session:
- SOAP:
- Sockets:
- Fixed bug with overflow socket_recvfrom $length argument.
- SPL:
- Fixed bug GH-16337 (Use-after-free in SplHeap).
- Fixed bug GH-16464 (Use-after-free in SplDoublyLinkedList::offsetSet()).
- Fixed bug GH-16479 (Use-after-free in SplObjectStorage::setInfo()).
- Fixed bug GH-16478 (Use-after-free in SplFixedArray::unset()).
- Fixed bug GH-16588 (UAF in Observer->serialize).
- Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor).
- Fixed bug GH-16589 (UAF in SplDoublyLinked->serialize()).
- Fixed bug GH-14687 (segfault on SplObjectIterator instance).
- Fixed bug GH-16604 (Memory leaks in SPL constructors).
- Fixed bug GH-16646 (UAF in ArrayObject::unset() and ArrayObject::exchangeArray()).
- Standard:
- Fixed bug GH-16293 (Failed assertion when throwing in assert() callback with bail enabled).
- Streams:
- Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234)
- Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)
- SysVMsg:
- Fixed bug GH-16592 (msg_send() crashes when a type does not properly serialized).
- SysVShm:
- Fixed bug GH-16591 (Assertion error in shm_put_var).
- XMLReader:
- Fixed bug GH-16292 (Segmentation fault in ext/xmlreader/php_xmlreader.c).
- Zlib:
- Fixed bug GH-16326 (Memory management is broken for bad dictionaries.) (cmb)
PHP 8.2.26 Release Notes
- CLI:
- Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server started through shebang).
- Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface).
- COM:
- Fixed out of bound writes to SafeArray data.
- Core:
- Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled with Xcode 16 clang on macOS 15).
- Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646).
- Fixed bug GH-16515 (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline).
- Fixed bug GH-16509 (Incorrect line number in function redeclaration error).
- Fixed bug GH-16508 (Incorrect line number in inheritance errors of delayed early bound classes).
- Fixed bug GH-16648 (Use-after-free during array sorting).
- Curl:
- Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if curl_multi_add_handle fails).
- Date:
- DBA:
- Fixed bug GH-16390 (dba_open() can segfault for „pathless“ streams).
- DOM:
- Fixed bug GH-16316 (DOMXPath breaks when not initialized properly).
- Fixed bug GH-16473 (dom_import_simplexml stub is wrong).
- Fixed bug GH-16533 (Segfault when adding attribute to parent that is not an element).
- Fixed bug GH-16535 (UAF when using document as a child).
- Fixed bug GH-16593 (Assertion failure in DOM->replaceChild).
- Fixed bug GH-16595 (Another UAF in DOM -> cloneNode).
- EXIF:
- Fixed bug GH-16409 (Segfault in exif_thumbnail when not dealing with a real file).
- FFI:
- Fixed bug GH-16397 (Segmentation fault when comparing FFI object).
- Filter:
- Fixed bug GH-16523 (FILTER_FLAG_HOSTNAME accepts ending hyphen).
- FPM:
- Fixed bug GH-16628 (FPM logs are getting corrupted with this log statement).
- GD:
- GMP:
- Fixed floating point exception bug with gmp_pow when using large exposant values. (David Carlier).
- Fixed bug GH-16411 (gmp_export() can cause overflow).
- Fixed bug GH-16501 (gmp_random_bits() can cause overflow).
- Fixed gmp_pow() overflow bug with large base/exponents.
- Fixed segfaults and other issues related to operator overloading with GMP objects.
- LDAP:
- Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932)
- MBstring:
- Fixed bug GH-16361 (mb_substr overflow on start/length arguments).
- MySQLnd:
- Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)
- OpenSSL:
- PDO DBLIB:
- Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236)
- PDO Firebird:
- Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236)
- PDO ODBC:
- Fixed bug GH-16450 (PDO_ODBC can inject garbage into field values).
- Phar:
- Fixed bug GH-16406 (Assertion failure in ext/phar/phar.c:2808).
- PHPDBG:
- Fixed bug GH-16174 (Empty string is an invalid expression for ev).
- Reflection:
- Fixed bug GH-16601 (Memory leak in Reflection constructors).
- Session:
- SOAP:
- Fixed bug GH-16429 (Segmentation fault access null pointer in SoapClient).
- Sockets:
- Fixed bug with overflow socket_recvfrom $length argument.
- SPL:
- Fixed bug GH-16337 (Use-after-free in SplHeap).
- Fixed bug GH-16464 (Use-after-free in SplDoublyLinkedList::offsetSet()).
- Fixed bug GH-16479 (Use-after-free in SplObjectStorage::setInfo()).
- Fixed bug GH-16478 (Use-after-free in SplFixedArray::unset()).
- Fixed bug GH-16588 (UAF in Observer->serialize).
- Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor).
- Fixed bug GH-16589 (UAF in SplDoublyLinked->serialize()).
- Fixed bug GH-14687 (segfault on SplObjectIterator instance).
- Fixed bug GH-16604 (Memory leaks in SPL constructors).
- Fixed bug GH-16646 (UAF in ArrayObject::unset() and ArrayObject::exchangeArray()).
- Standard:
- Fixed bug GH-16293 (Failed assertion when throwing in assert() callback with bail enabled).
- Streams:
- Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234)
- Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)
- SysVMsg:
- Fixed bug GH-16592 (msg_send() crashes when a type does not properly serialized).
- SysVShm:
- Fixed bug GH-16591 (Assertion error in shm_put_var).
- XMLReader:
- Fixed bug GH-16292 (Segmentation fault in ext/xmlreader/php_xmlreader.c).
- Zlib:
- Fixed bug GH-16326 (Memory management is broken for bad dictionaries.) (cmb)
PHP 8.1.31 Release Notes
- CLI:
- Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface).
- LDAP:
- Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932)
- MySQLnd:
- Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929)
- PDO DBLIB:
- Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236)
- PDO Firebird:
- Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236)
- Streams:
- Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234)
- Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233)
Interessiert in verschiedenste IT Themen, schreibe ich in diesem Blog über Software, Hardware, Smart Home, Games und vieles mehr. Ich berichte z.B. über die Installation und Konfiguration von Software als auch von Problemen mit dieser. News sind ebenso spannend, sodass ich auch über Updates, Releases und Neuigkeiten aus der IT berichte. Letztendlich nutze ich Taste-of-IT als eigene Dokumentation und Anlaufstelle bei wiederkehrenden Themen. Ich hoffe ich kann dich ebenso informieren und bei Problemen eine schnelle Lösung anbieten. Wer meinen Aufwand unterstützen möchte, kann gerne eine Tasse oder Pod Kaffe per PayPal spenden – vielen Dank.