| Version | Change log |
| PHP 8.4.1 Nov 20, 2024 |
Core: Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). Fixed bug GH-13612 (Corrupted memory in destructor with weak references). Fixed bug GH-13446 (Restore exception handler after it finishes). Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). DOM: Add some missing ZPP checks. Fix potential memory leak in XPath evaluation results. FPM: Fixed GH-11086 (FPM: config test runs twice in daemonised mode). Fix incorrect check in fpm_shm_free(). GD: Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). Gettext: Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. MySQLnd: Fix GH-13452 (Fixed handshake response [mysqlnd]). Fix incorrect charset length in check_mb_eucjpms(). Opcache: Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). Random: Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). Session: Fixed bug GH-13680 (Segfault with session_decode and compilation error). SPL: Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). Standard: Fixed bug GH-11808 (Live filesystem modified by tests). Fixed GH-13402 (Added validation of `n` in $additional_headers of mail()). Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) Fixed bug GHSA-fjp9-9hwx-59fq (mb_ |
| PHP 8.3.14 Nov 19, 2024 |
Core: Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). Fixed bug GH-13612 (Corrupted memory in destructor with weak references). Fixed bug GH-13446 (Restore exception handler after it finishes). Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). DOM: Add some missing ZPP checks. Fix potential memory leak in XPath evaluation results. FPM: Fixed GH-11086 (FPM: config test runs twice in daemonised mode). Fix incorrect check in fpm_shm_free(). GD: Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). Gettext: Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. MySQLnd: Fix GH-13452 (Fixed handshake response [mysqlnd]). Fix incorrect charset length in check_mb_eucjpms(). Opcache: Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). Random: Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). Session: Fixed bug GH-13680 (Segfault with session_decode and compilation error). SPL: Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). Standard: Fixed bug GH-11808 (Live filesystem modified by tests). Fixed GH-13402 (Added validation of `n` in $additional_headers of mail()). Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) Fixed bug GHSA-fjp9-9hwx-59fq (mb_ |
| PHP 8.3.13 Oct 23, 2024 |
Core: Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). Fixed bug GH-13612 (Corrupted memory in destructor with weak references). Fixed bug GH-13446 (Restore exception handler after it finishes). Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). DOM: Add some missing ZPP checks. Fix potential memory leak in XPath evaluation results. FPM: Fixed GH-11086 (FPM: config test runs twice in daemonised mode). Fix incorrect check in fpm_shm_free(). GD: Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). Gettext: Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. MySQLnd: Fix GH-13452 (Fixed handshake response [mysqlnd]). Fix incorrect charset length in check_mb_eucjpms(). Opcache: Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). Random: Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). Session: Fixed bug GH-13680 (Segfault with session_decode and compilation error). SPL: Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). Standard: Fixed bug GH-11808 (Live filesystem modified by tests). Fixed GH-13402 (Added validation of `n` in $additional_headers of mail()). Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) Fixed bug GHSA-fjp9-9hwx-59fq (mb_ |
| PHP 8.3.12 Sep 25, 2024 |
Core: Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). Fixed bug GH-13612 (Corrupted memory in destructor with weak references). Fixed bug GH-13446 (Restore exception handler after it finishes). Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). DOM: Add some missing ZPP checks. Fix potential memory leak in XPath evaluation results. FPM: Fixed GH-11086 (FPM: config test runs twice in daemonised mode). Fix incorrect check in fpm_shm_free(). GD: Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). Gettext: Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. MySQLnd: Fix GH-13452 (Fixed handshake response [mysqlnd]). Fix incorrect charset length in check_mb_eucjpms(). Opcache: Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). Random: Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). Session: Fixed bug GH-13680 (Segfault with session_decode and compilation error). SPL: Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). Standard: Fixed bug GH-11808 (Live filesystem modified by tests). Fixed GH-13402 (Added validation of `n` in $additional_headers of mail()). Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) Fixed bug GHSA-fjp9-9hwx-59fq (mb_ |
| PHP 8.3.11 Aug 28, 2024 |
Core: Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). Fixed bug GH-13612 (Corrupted memory in destructor with weak references). Fixed bug GH-13446 (Restore exception handler after it finishes). Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). DOM: Add some missing ZPP checks. Fix potential memory leak in XPath evaluation results. FPM: Fixed GH-11086 (FPM: config test runs twice in daemonised mode). Fix incorrect check in fpm_shm_free(). GD: Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). Gettext: Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. MySQLnd: Fix GH-13452 (Fixed handshake response [mysqlnd]). Fix incorrect charset length in check_mb_eucjpms(). Opcache: Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). Random: Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). Session: Fixed bug GH-13680 (Segfault with session_decode and compilation error). SPL: Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). Standard: Fixed bug GH-11808 (Live filesystem modified by tests). Fixed GH-13402 (Added validation of `n` in $additional_headers of mail()). Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) Fixed bug GHSA-fjp9-9hwx-59fq (mb_ |
| PHP 8.3.10 Jul 31, 2024 |
Core: Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). Fixed bug GH-13612 (Corrupted memory in destructor with weak references). Fixed bug GH-13446 (Restore exception handler after it finishes). Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). DOM: Add some missing ZPP checks. Fix potential memory leak in XPath evaluation results. FPM: Fixed GH-11086 (FPM: config test runs twice in daemonised mode). Fix incorrect check in fpm_shm_free(). GD: Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). Gettext: Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. MySQLnd: Fix GH-13452 (Fixed handshake response [mysqlnd]). Fix incorrect charset length in check_mb_eucjpms(). Opcache: Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). Random: Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). Session: Fixed bug GH-13680 (Segfault with session_decode and compilation error). SPL: Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). Standard: Fixed bug GH-11808 (Live filesystem modified by tests). Fixed GH-13402 (Added validation of `n` in $additional_headers of mail()). Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) Fixed bug GHSA-fjp9-9hwx-59fq (mb_ |
| PHP 8.3.9 Jul 16, 2024 |
Core: Fixed GH-13569 (GC buffer unnecessarily grows up to GC_MAX_BUF_SIZE when scanning WeakMaps). Fixed bug GH-13612 (Corrupted memory in destructor with weak references). Fixed bug GH-13446 (Restore exception handler after it finishes). Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). Fixed bug GH-13670 (GC does not scale well with a lot of objects created in destructor). DOM: Add some missing ZPP checks. Fix potential memory leak in XPath evaluation results. FPM: Fixed GH-11086 (FPM: config test runs twice in daemonised mode). Fix incorrect check in fpm_shm_free(). GD: Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). Gettext: Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5 with category set to LC_ALL. MySQLnd: Fix GH-13452 (Fixed handshake response [mysqlnd]). Fix incorrect charset length in check_mb_eucjpms(). Opcache: Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null). Fixed GH-13712 (Segmentation fault for enabled observers when calling trait method of internal trait when opcache is loaded). Random: Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown modes). Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between requests when MT_RAND_PHP is used). Session: Fixed bug GH-13680 (Segfault with session_decode and compilation error). SPL: Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). Standard: Fixed bug GH-11808 (Live filesystem modified by tests). Fixed GH-13402 (Added validation of `n` in $additional_headers of mail()). Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows). Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command parameter of proc_open). (CVE-2024-1874) Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to partial CVE-2022-31629 fix). (CVE-2024-2756) Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true, opening ATO risk). (CVE-2024-3096) Fixed bug GHSA-fjp9-9hwx-59fq (mb_ |
