
PHP-8.3.13 has been officially released, featuring a range of fixes and enhancements. The release includes corrections for Calendar (jdtounix, easter_days/easter_date, jddayofweek, and jewishtojd overflows), CLI, Core, DOM, JSON, GD, LDAP, MBString, OpenSSL, PCRE, PHPDBG, Reflection, SAPI, SimpleXML, Sockets, SOAP, SPL, Standard, Streams, TSRM, and Windows.



php-8.3.13

- Calendar:
. Fixed GH-16240: jdtounix overflow on argument value. (David Carlier)
. Fixed GH-16241: easter_days/easter_date overflow on year argument.
(David Carlier)
. Fixed GH-16263: jddayofweek overflow. (cmb)
. Fixed GH-16234: jewishtojd overflow. (nielsdos)

- CLI:
. Fixed bug GH-16137: duplicate http headers when set several times by
the client. (David Carlier)

- Core:
. Fixed bug GH-16054 (Segmentation fault when resizing hash table iterator
list while adding). (nielsdos)
. Fixed bug GH-15905 (Assertion failure for TRACK_VARS_SERVER). (cmb)
. Fixed bug GH-15907 (Failed assertion when promoting Serialize deprecation to
exception). (ilutov)
. Fixed bug GH-15851 (Segfault when printing backtrace during cleanup of
nested generator frame). (ilutov)
. Fixed bug GH-15866 (Core dumped in Zend/zend_generators.c). (Arnaud)
. Fixed bug GH-16188 (Assertion failure in Zend/zend_exceptions.c). (Arnaud)
. Fixed bug GH-16233 (Observer segfault when calling user function in
internal function via trampoline). (nielsdos)

- DOM:
. Fixed bug GH-16039 (Segmentation fault (access null pointer) in
ext/dom/parentnode/tree.c). (nielsdos)
. Fixed bug GH-16149 (Null pointer dereference in
DOMElement->getAttributeNames()). (nielsdos)
. Fixed bug GH-16151 (Assertion failure in ext/dom/parentnode/tree.c).
(nielsdos)
. Fixed bug GH-16150 (Use after free in php_dom.c). (nielsdos)
. Fixed bug GH-16152 (Memory leak in DOMProcessingInstruction/DOMDocument).
(nielsdos)

- JSON:
. Fixed bug GH-15168 (stack overflow in json_encode()). (nielsdos)

- GD:
. Fixed bug GH-16232 (bitshift overflow on wbmp file content reading /
fix backport from upstream). (David Carlier)
. Fixed bug GH-12264 (overflow/underflow on imagerotate degrees value).
(David Carlier)
. Fixed bug GH-16274 (imagescale underflow on RGB channels /
fix backport from upstream). (David Carlier)

- LDAP:
. Fixed bug GH-16032 (Various NULL pointer dereferences in
ldap_modify_batch()). (Girgias)
. Fixed bug GH-16101 (Segfault in ldap_list(), ldap_read(), and ldap_search()
when LDAPs array is not a list). (Girgias)
. Fix GH-16132 (php_ldap_do_modify() attempts to free pointer not allocated
by ZMM.). (Girgias)
. Fix GH-16136 (Memory leak in php_ldap_do_modify() when entry is not a
proper dictionary). (Girgias)

- MBString:
. Fixed bug GH-16261 (Reference invariant broken in mb_convert_variables()).
(nielsdos)

- OpenSSL:
. Fixed stub for openssl_csr_new. (Jakub Zelenka)

- PCRE:
. Fixed bug GH-16189 (underflow on offset argument). (David Carlier)
. Fixed bug GH-16184 (UBSan address overflowed in ext/pcre/php_pcre.c).
(nielsdos)

- PHPDBG:
. Fixed bug GH-15901 (phpdbg: Assertion failure on i funcs). (cmb)
. Fixed bug GH-16181 (phpdbg: exit in exception handler reports fatal error).
(cmb)

- Reflection:
. Fixed bug GH-16187 (Assertion failure in ext/reflection/php_reflection.c).
(DanielEScherzer)

- SAPI:
. Fixed bug GH-15395 (php-fpm: zend_mm_heap corrupted with cgi-fcgi request).
(Jakub Zelenka, David Carlier)

- SimpleXML:
. Fixed bug GH-15837 (Segmentation fault in ext/simplexml/simplexml.c).
(nielsdos)

- Sockets:
. Fixed bug GH-16267 (socket_strerror overflow on errno argument).
(David Carlier)

- SOAP:
. Fixed bug #73182 (PHP SOAPClient does not support stream context HTTP
headers in array form). (nielsdos)
. Fixed bug #62900 (Wrong namespace on xsd import error message). (nielsdos)
. Fixed bug GH-15711 (SoapClient can't convert BackedEnum to scalar value).
(nielsdos)
. Fixed bug GH-16237 (Segmentation fault when cloning SoapServer). (nielsdos)
. Fix Soap leaking http_msg on error. (nielsdos)
. Fixed bug GH-16256 (Assertion failure in ext/soap/php_encoding.c:460).
(nielsdos)
. Fixed bug GH-16259 (Soap segfault when classmap instantiation fails).
(nielsdos)

- SPL:
. Fixed bug GH-15918 (Assertion failure in ext/spl/spl_fixedarray.c).
(nielsdos)

- Standard:
. Fixed bug GH-16053 (Assertion failure in Zend/zend_hash.c). (Arnaud)
. Fixed bug GH-15169 (stack overflow when var serialization in
ext/standard/var). (nielsdos)

- Streams:
. Fixed bugs GH-15908 and GH-15026 (leak / assertion failure in streams.c).
(nielsdos)
. Fixed bug GH-15980 (Signed integer overflow in main/streams/streams.c).
(cmb)

- TSRM:
. Prevent closing of unrelated handles. (cmb)

- Windows:
. Fixed minimal Windows version. (cmb)

Release php-8.3.13 · php/php-src