Debian 10232 Published by

Ondřej Surý has released PHP 8.4.1, 8.3.14, 8.2.26, 8.1.31, 8.0.30-10, 7.4.33-16, 7.3.33-22, 7.2.34-52, 7.1.33-65, 7.0.33-77, 5.6.40-79 packages for both Debian GNU/Linux 11 (Bullseye) LTS and 12 (Bookworm).





To add the repository:
#!/bin/bash # To add this repository please do:

if [ "$(whoami)" != "root" ]; then
SUDO=sudo
fi

${SUDO} apt-get -y install apt-transport-https lsb-release ca-certificates curl
${SUDO} wget -O /etc/apt/trusted.gpg.d/php.gpg https://packages.sury.org/php/apt.gpg
${SUDO} sh -c 'echo "deb https://packages.sury.org/php/ $(lsb_release -sc) main" > /etc/apt/sources.list.d/php.list'
${SUDO} apt-get update

php-8.4.1

- BcMath:
. [RFC] Add bcfloor, bcceil and bcround to BCMath. (Saki Takamachi)
. Improve performance. (Saki Takamachi, nielsdos)
. Adjust bcround()'s $mode parameter to only accept the RoundingMode
enum. (timwolla, saki)
. Fixed LONG_MAX in BCMath ext. (Saki Takamachi)
. Fixed bcdiv() div by one. (Saki Takamachi)
. [RFC] Support object types in BCMath. (Saki Takamachi)
. bcpow() performance improvement. (Jorg Sowa)
. ext/bcmath: Check for scale overflow. (SakiTakamachi)
. [RFC] ext/bcmath: Added bcdivmod. (SakiTakamachi)
. Fix GH-15968 (Avoid converting objects to strings in operator calculations).
(SakiTakamachi)
. Fixed bug GH-16265 (Added early return case when result is 0)
(Saki Takamachi).
. Fixed bug GH-16262 (Fixed a bug where size_t underflows) (Saki Takamachi).
. Fixed GH-16236 (Fixed a bug in BcMath\Number::pow() and bcpow() when
raising negative powers of 0) (Saki Takamachi).

- Core:
. Added zend_call_stack_get implementation for NetBSD, DragonFlyBSD,
Solaris and Haiku. (David Carlier)
. Enabled ifunc checks on FreeBSD from the 12.x releases. (Freaky)
. Changed the type of PHP_DEBUG and PHP_ZTS constants to bool. (haszi)
. Fixed bug GH-13142 (Undefined variable name is shortened when contains \0).
(nielsdos)
. Fixed bug GH-13178 (Iterator positions incorrect when converting packed
array to hashed). (ilutov)
. Fixed zend fiber build for solaris default mode (32 bits). (David Carlier)
. Fixed zend call stack size for macOs/arm64. (David Carlier)
. Added support for Zend Max Execution Timers on FreeBSD. (Kévin Dunglas)
. Ensure fiber stack is not backed by THP. (crrodriguez)
. Implement GH-13609 (Dump wrapped object in WeakReference class). (nielsdos)
. Added sparc64 arch assembly support for zend fiber. (Claudio Jeker)
. Fixed GH-13581 no space available for TLS on NetBSD. (Paul Ripke)
. Added fiber Sys-V loongarch64 support. (qiangxuhui)
. Adjusted closure names to include the parent function's name. (timwolla)
. Improve randomness of uploaded file names and files created by tempnam().
(Arnaud)
. Added gc and shutdown callbacks to zend_mm custom handlers.
(Florian Engelhardt)
. Fixed bug GH-14650 (Compute the size of pages before allocating memory).
(Julien Voisin)
. Fixed bug GH-11928 (The --enable-re2c-cgoto doesn't add the -g flag).
(Peter Kokot)
. Added the #[\Deprecated] attribute. (beberlei, timwolla)
. Fixed GH-11389 (Allow suspending fibers in destructors). (Arnaud, trowski)
. Fixed bug GH-14801 (Fix build for armv7). (andypost)
. Implemented property hooks RFC. (ilutov)
. Fix GH-14978 (The xmlreader extension phpize build). (Peter Kokot)
. Throw Error exception when encountering recursion during comparison, rather
than fatal error. (ilutov)
. Added missing cstddef include for C++ builds. (cmb)
. Updated build system scripts config.guess to 2024-07-27 and config.sub to
2024-05-27. (Peter Kokot)
. Fixed bug GH-15240 (Infinite recursion in trait hook). (ilutov)
. Fixed bug GH-15140 (Missing variance check for abstract set with asymmetric
type). (ilutov)
. Fixed bug GH-15181 (Disabled output handler is flushed again). (cmb)
. Passing E_USER_ERROR to trigger_error() is now deprecated. (Girgias)
. Fixed bug GH-15292 (Dynamic AVX detection is broken for MSVC). (nielsdos)
. Using "_" as a class name is now deprecated. (Girgias)
. Exiting a namespace now clears seen symbols. (ilutov)
. The exit (and die) language constructs now behave more like a function.
They can be passed liked callables, are affected by the strict_types
declare statement, and now perform the usual type coercions instead of
casting any non-integer value to a string.
As such, passing invalid types to exit/die may now result in a TypeError
being thrown. (Girgias)
. Fixed bug GH-15438 (Hooks on constructor promoted properties without
visibility are ignored). (ilutov)
. Fixed bug GH-15419 (Missing readonly+hook incompatibility check for readonly
classes). (ilutov)
. Fixed bug GH-15187 (Various hooked object iterator issues). (ilutov)
. Fixed bug GH-15456 (Crash in get_class_vars() on virtual properties).
(ilutov)
. Fixed bug GH-15501 (Windows HAVE_<header>_H macros defined to 1 or
undefined). (Peter Kokot)
. Implemented asymmetric visibility for properties. (ilutov)
. Fixed bug GH-15644 (Asymmetric visibility doesn't work with hooks). (ilutov)
. Implemented lazy objects RFC. (Arnaud)
. Fixed bug GH-15686 (Building shared iconv with external iconv library).
(Peter Kokot, zeriyoshi)
. Fixed missing error when adding asymmetric visibility to unilateral virtual
property. (ilutov)
. Fixed bug GH-15693 (Unnecessary include in main.c bloats binary).
(nielsdos)
. Fixed bug GH-15731 (AllowDynamicProperties validation should error on
enums). (DanielEScherzer)
. Fixed bug GH-16040 (Use-after-free of object released in hook). (ilutov)
. Fixed bug GH-16026 (Reuse of dtor fiber during shutdown). (Arnaud)
. Fixed bug GH-15999 (zend_std_write_property() assertion failure with lazy
objects). (Arnaud)
. Fixed bug GH-15960 (Foreach edge cases with lazy objects). (Arnaud)
. Fixed bug GH-16185 (Various hooked object iterator issues). (ilutov)
. Fixed bug OSS-Fuzz #371445205 (Heap-use-after-free in attr_free).
(nielsdos)
. Fixed missing error when adding asymmetric visibility to static properties.
(ilutov)
. Fixed bug OSS-Fuzz #71407 (Null-dereference WRITE in
zend_lazy_object_clone). (Arnaud)
. Fixed bug GH-16574 (Incorrect error "undefined method" messages).
(nielsdos)
. Fixed bug GH-16577 (EG(strtod_state).freelist leaks with opcache.preload).
(nielsdos)
. Fixed bug GH-16615 (Assertion failure in zend_std_read_property). (Arnaud)
. Fixed bug GH-16342 (Added ReflectionProperty::isLazy()). (Arnaud)
. Fixed bug GH-16725 (Incorrect access check for non-hooked props in hooked
object iterator). (ilutov)

- Curl:
. Deprecated the CURLOPT_BINARYTRANSFER constant. (divinity76)
. Bumped required libcurl version to 7.61.0. (Ayesh)
. Added feature_list key to the curl_version() return value. (Ayesh)
. Added constants CURL_HTTP_VERSION_3 (libcurl 7.66) and CURL_HTTP_VERSION_3ONLY
(libcurl 7.88) as options for CURLOPT_HTTP_VERSION (Ayesh Karunaratne)
. Added CURLOPT_TCP_KEEPCNT to set the number of probes to send before
dropping the connection. (David Carlier)
. Added CURLOPT_PREREQFUNCTION Curl option to set a custom callback
after the connection is established, but before the request is
performed. (Ayesh Karunaratne)
. Added CURLOPT_SERVER_RESPONSE_TIMEOUT, which was formerly known as
CURLOPT_FTP_RESPONSE_TIMEOUT. (Ayesh Karunaratne)
. The CURLOPT_DNS_USE_GLOBAL_CACHE option is now silently ignored. (Ayesh Karunaratne)
. Added CURLOPT_DEBUGFUNCTION as a Curl option. (Ayesh Karunaratne)
. Fixed bug GH-16359 (crash with curl_setopt* CURLOPT_WRITEFUNCTION
without null callback). (David Carlier)
. Fixed bug GH-16723 (CURLMOPT_PUSHFUNCTION issues). (cmb)

- Date:
. Added DateTime[Immutable]::createFromTimestamp. (Marc Bennewitz)
. Added DateTime[Immutable]::[get|set]Microsecond. (Marc Bennewitz)
. Constants SUNFUNCS_RET_TIMESTAMP, SUNFUNCS_RET_STRING, and SUNFUNCS_RET_DOUBLE
are now deprecated. (Jorg Sowa)
. Fixed bug GH-13773 (DatePeriod not taking into account microseconds for end
date). (Mark Bennewitz, Derick)

- DBA:
. Passing null or false to dba_key_split() is deprecated. (Grigias)

- Debugging:
. Fixed bug GH-15923 (GDB: Python Exception <class 'TypeError'>:
exceptions must derive from BaseException). (nielsdos)

- DOM:
. Added DOMNode::compareDocumentPosition(). (nielsdos)
. Implement #53655 (Improve speed of DOMNode::C14N() on large XML documents).
(nielsdos)
. Fix cloning attribute with namespace disappearing namespace. (nielsdos)
. Implement DOM HTML5 parsing and serialization RFC. (nielsdos)
. Fix DOMElement->prefix with empty string creates bogus prefix. (nielsdos)
. Handle OOM more consistently. (nielsdos)
. Implemented "Improve callbacks in ext/dom and ext/xsl" RFC. (nielsdos)
. Added DOMXPath::quote() static method. (divinity76)
. Implemented opt-in ext/dom spec compliance RFC. (nielsdos)
. Fixed bug #79701 (getElementById does not correctly work with duplicate
definitions). (nielsdos)
. Implemented "New ext-dom features in PHP 8.4" RFC. (nielsdos)
. Fixed GH-14698 (segfault on DOM node dereference). (David Carlier)
. Improve support for template elements. (nielsdos)
. Fix trampoline leak in xpath callables. (nielsdos)
. Throw instead of silently failing when creating a too long text node in
(DOM)ParentNode and (DOM)ChildNode. (nielsdos)
. Fixed bug GH-15192 (Segmentation fault in dom extension
(html5_serializer)). (nielsdos)
. Deprecated DOM_PHP_ERR constant. (nielsdos)
. Removed DOMImplementation::getFeature(). (nielsdos)
. Fixed bug GH-15331 (Element::$substitutedNodeValue test failed). (nielsdos)
. Fixed bug GH-15570 (Segmentation fault (access null pointer) in
ext/dom/html5_serializer.c). (nielsdos)
. Fixed bug GH-13988 (Storing DOMElement consume 4 times more memory in
PHP 8.1 than in PHP 8.0). (nielsdos)
. Fix XML serializer errata: xmlns="" serialization should be allowed.
(nielsdos)
. Fixed bug GH-15910 (Assertion failure in ext/dom/element.c). (nielsdos)
. Fix unsetting DOM properties. (nielsdos)
. Fixed bug GH-16190 (Using reflection to call Dom\Node::__construct
causes assertion failure). (nielsdos)
. Fix edge-case in DOM parsing decoding. (nielsdos)
. Fixed bug GH-16465 (Heap buffer overflow in DOMNode->getElementByTagName).
(nielsdos)
. Fixed bug GH-16594 (Assertion failure in DOM -> before). (nielsdos)

- Fileinfo:
. Update to libmagic 5.45. (nielsdos)
. Fixed bug #65106 (PHP fails to compile ext/fileinfo). (Guillaume Outters)

- FPM:
. Implement GH-12385 (flush headers without body when calling flush()).
(nielsdos)
. Added DragonFlyBSD system to the list which set FPM_BACKLOG_DEFAULT
to SOMAXCONN. (David Carlier)
. /dev/poll events.mechanism for Solaris/Illumos setting had been retired.
(David Carlier)
. Added memory peak to the scoreboard / status page. (Flávio Heleno)

- FTP:
. Removed the deprecated inet_ntoa call support. (David Carlier)
. Fixed bug #63937 (Upload speed 10 times slower with PHP). (nielsdos)

- GD:
. Fix parameter numbers and missing alpha check for imagecolorset().
(Giovanni Giacobbi)
. imagepng/imagejpeg/imagewep/imageavif now throw an exception on
invalid quality parameter. (David Carlier)
. Check overflow/underflow for imagescale/imagefilter. (David Carlier)
. Added gdImageClone to bundled libgd. (David Carlier)

- Gettext:
. bind_textdomain_codeset, textdomain and d(*)gettext functions
now throw an exception on empty domain. (David Carlier)

- GMP:
. The GMP class is now final and cannot be extended anymore. (Girgias)
. RFC: Change GMP bool cast behavior. (Saki Takamachi)

- Hash:
. Changed return type of hash_update() to true. (nielsdos)
. Added HashContext::__debugInfo(). (timwolla)
. Deprecated passing incorrect data types for options to ext/hash functions.
(nielsdos)
. Added SSE2 and SHA-NI implementation of SHA-256. (timwolla, Colin Percival,
Graham Percival)
. Fix GH-15384 (Build fails on Alpine / Musl for amd64). (timwolla)
. Fixed bug GH-15742 (php_hash_sha.h incompatible with C++). (cmb)

- IMAP:
. Moved to PECL. (Derick Rethans)

- Intl:
. Added IntlDateFormatter::PATTERN constant. (David Carlier)
. Fixed Numberformatter::__construct when the locale is invalid, now
throws an exception. (David Carlier)
. Added NumberFormatter::ROUND_TOWARD_ZERO and ::ROUND_AWAY_FROM_ZERO as
aliases for ::ROUND_DOWN and ::ROUND_UP. (Jorg Sowa)
. Added NumberFormatter::ROUND_HALFODD. (Ayesh Karunaratne)
. Added PROPERTY_IDS_UNARY_OPERATOR, PROPERTY_ID_COMPAT_MATH_START and
PROPERTY_ID_COMPAT_MATH_CONTINUE constants. (David Carlier)
. Added IntlDateFormatter::getIanaID/intltz_get_iana_id method/function.
(David Carlier)
. Set to C++17 standard for icu 74 and onwards. (David Carlier)
. resourcebundle_get(), ResourceBundle::get(), and accessing offsets on a
ResourceBundle object now throw:
- TypeError for invalid offset types
- ValueError for an empty string
- ValueError if the integer index does not fit in a signed 32 bit integer
. ResourceBundle::get() now has a tentative return type of:
ResourceBundle|array|string|int|null
. Added the new Grapheme function grapheme_str_split. (youkidearitai)
. Added IntlDateFormatter::parseToCalendar. (David Carlier)
. Added SpoofChecker::setAllowedChars to set unicode chars ranges.
(David Carlier)

- LDAP:
. Added LDAP_OPT_X_TLS_PROTOCOL_MAX/LDAP_OPT_X_TLS_PROTOCOL_TLS1_3
constants. (StephenWall)

- LibXML:
. Added LIBXML_RECOVER constant. (nielsdos)
. libxml_set_streams_context() now throws immediately on an invalid context
instead of at the use-site. (nielsdos)
. Added LIBXML_NO_XXE constant. (nielsdos)

- MBString:
. Added mb_trim, mb_ltrim and mb_rtrim. (Yuya Hamada)
. Added mb_ucfirst and mb_lcfirst. (Yuya Hamada)
. Updated Unicode data tables to Unicode 15.1. (Ayesh Karunaratne)
. Fixed bug GH-15824 (mb_detect_encoding(): Argument $encodings contains
invalid encoding "UTF8"). (Yuya Hamada)
. Updated Unicode data tables to Unicode 16.0. (Ayesh Karunaratne)

- Mysqli:
. The mysqli_ping() function and mysqli::ping() method are now deprecated,
as the reconnect feature was removed in PHP 8.2. (Kamil Tekiela)
. The mysqli_kill() function and mysqli::kill() method are now deprecated.
If this functionality is needed a SQL "KILL" command can be used instead.
(Kamil Tekiela)
. The mysqli_refresh() function and mysqli::refresh() method are now deprecated.
If this functionality is needed a SQL "FLUSH" command can be used instead.
(Kamil Tekiela)
. Passing explicitly the $mode parameter to mysqli_store_result() has been
deprecated. As the MYSQLI_STORE_RESULT_COPY_DATA constant was only used in
conjunction with this function it has also been deprecated. (Girgias)

- MySQLnd:
. Fixed bug GH-13440 (PDO quote bottleneck). (nielsdos)
. Fixed bug GH-10599 (Apache crash on Windows when using a self-referencing
anonymous function inside a class with an active mysqli connection).
(nielsdos)

- Opcache:
. Added large shared segments support for FreeBSD. (David Carlier)
. If JIT is enabled, PHP will now exit with a fatal error on startup in case
of JIT startup initialization issues. (danog)
. Increased the maximum value of opcache.interned_strings_buffer to 32767 on
64bit archs. (Arnaud)
. Fixed bug GH-13834 (Applying non-zero offset 36 to null pointer in
zend_jit.c). (nielsdos)
. Fixed bug GH-14361 (Deep recursion in zend_cfg.c causes segfault).
(nielsdos)
. Fixed bug GH-14873 (PHP 8.4 min function fails on typed integer).
(nielsdos)
. Fixed bug GH-15490 (Building of callgraph modifies preloaded symbols).
(ilutov)
. Fixed bug GH-15178 (Assertion in tracing JIT on hooks). (ilutov)
. Fixed bug GH-15657 (Segmentation fault in dasm_x86.h). (nielsdos)
. Added opcache_jit_blacklist() function. (Bob)
. Fixed bug GH-16009 (Segmentation fault with frameless functions and
undefined CVs). (nielsdos)
. Fixed bug GH-16186 (Assertion failure in Zend/zend_operators.c). (Arnaud)
. Fixed bug GH-16572 (Incorrect result with reflection in low-trigger JIT).
(nielsdos)
. Fixed GH-16839 (Error on building Opcache JIT for Windows ARM64). (cmb)

- OpenSSL:
. Fixed bug #80269 (OpenSSL sets Subject wrong with extraattribs parameter).
(Jakub Zelenka)
. Implement request #48520 (openssl_csr_new - allow multiple values in DN).
(Jakub Zelenka)
. Introduced new serial_hex parameter to openssl_csr_sign. (Jakub Zelenka,
Florian Sowade)
. Added X509_PURPOSE_OCSP_HELPER and X509_PURPOSE_TIMESTAMP_SIGN constants.
(Vincent Jardin)
. Bumped minimum required OpenSSL version to 1.1.1. (Ayesh Karunaratne)
. Added compile-time option --with-openssl-legacy-provider to enable legacy
provider. (Adam Saponara)
. Added support for Curve25519 + Curve448 based keys. (Manuel Mausz)
. Fixed bug GH-13343 (openssl_x509_parse should not allow omitted seconds in
UTCTimes). (Jakub Zelenka)
. Bumped minimum required OpenSSL version to 1.1.0. (cmb)
. Implement GH-13514 PASSWORD_ARGON2 from OpenSSL 3.2. (Remi)

- Output:
. Clear output handler status flags during handler initialization. (haszi)
. Fixed bug with url_rewriter.hosts not used by output_add_rewrite_var().
(haszi)

- PCNTL:
. Added pcntl_setns for Linux. (David Carlier)
. Added pcntl_getcpuaffinity/pcntl_setcpuaffinity. (David Carlier)
. Updated pcntl_get_signal_handler signal id upper limit to be
more in line with platforms limits. (David Carlier)
. Added pcntl_getcpu for Linux/FreeBSD/Solaris/Illumos. (David Carlier)
. Added pcntl_getqos_class/pcntl_setqos_class for macOs. (David Carlier)
. Added SIGCKPT/SIGCKPTEXIT constants for DragonFlyBSD. (David Carlier)
. Added FreeBSD's SIGTRAP handling to pcntl_siginfo_to_zval. (David Carlier)
. Added POSIX pcntl_waitid. (Vladimir Vrzić)
. Fixed bug GH-16769: (pcntl_sigwaitinfo aborts on signal value
as reference). (David Carlier)

- PCRE:
. Upgrade bundled pcre2lib to version 10.43. (nielsdos)
. Add "/r" modifier. (Ayesh)
. Upgrade bundled pcre2lib to version 10.44. (Ayesh)
. Fixed GH-16189 (underflow on offset argument). (David Carlier)
. Fix UAF issues with PCRE after request shutdown. (nielsdos)

- PDO:
. Fixed setAttribute and getAttribute. (SakiTakamachi)
. Implemented PDO driver-specific subclasses RFC. (danack, kocsismate)
. Added support for PDO driver-specific SQL parsers. (Matteo Beccati)
. Fixed bug GH-14792 (Compilation failure on pdo_* extensions).
(Peter Kokot)
. mysqlnd: support ER_CLIENT_INTERACTION_TIMEOUT. (Appla)
. The internal header php_pdo_int.h is no longer installed; it is not
supposed to be used by PDO drivers. (cmb)
. Fixed bug GH-16167 (Prevent mixing PDO sub-classes with different DSN).
(kocsismate)
. Fixed bug GH-16314 ("Pdo\Mysql object is uninitialized" when opening a
persistent connection). (kocsismate)

- PDO_DBLIB:
. Fixed setAttribute and getAttribute. (SakiTakamachi)
. Added class Pdo\DbLib. (danack, kocsismate)

- PDO_Firebird:
. Fixed setAttribute and getAttribute. (SakiTakamachi)
. Feature: Add transaction isolation level and mode settings to pdo_firebird.
(SakiTakamachi)
. Added class Pdo\Firebird. (danack, kocsismate)
. Added Pdo\Firebird::ATTR_API_VERSION. (SakiTakamachi)
. Added getApiVersion() and removed from getAttribute().
(SakiTakamachi)
. Supported Firebird 4.0 datatypes. (sim1984)
. Support proper formatting of time zone types. (sim1984)
. Fixed GH-15604 (Always make input parameters nullable). (sim1984)

- PDO_MYSQL:
. Fixed setAttribute and getAttribute. (SakiTakamachi)
. Added class Pdo\Mysql. (danack, kocsismate)
. Added custom SQL parser. (Matteo Beccati)
. Fixed GH-15949 (PDO_MySQL not properly quoting PDO_PARAM_LOB binary
data). (mbeccati, lcobucci)

- PDO_ODBC:
. Added class Pdo\Odbc. (danack, kocsismate)

- PDO_PGSQL:
. Fixed GH-12423, DSN credentials being prioritized over the user/password
PDO constructor arguments. (SakiTakamachi)
. Fixed native float support with pdo_pgsql query results. (Yurunsoft)
. Added class Pdo\Pgsql. (danack, kocsismate)
. Retrieve the memory usage of the query result resource. (KentarouTakeda)
. Added Pdo\Pgsql::setNoticeCallBack method to receive DB notices.
(outtersg)
. Added custom SQL parser. (Matteo Beccati)
. Fixed GH-15986 (Double-free due to Pdo\Pgsql::setNoticeCallback()). (cmb,
nielsdos)
. Fixed GH-12940 (Using PQclosePrepared when available instead of
the DEALLOCATE command to free statements resources). (David Carlier)
. Remove PGSQL_ATTR_RESULT_MEMORY_SIZE constant as it is provided by
the new PDO Subclass as Pdo\Pgsql::ATTR_RESULT_MEMORY_SIZE. (Girgias)

- PDO_SQLITE:
. Added class Pdo\Sqlite. (danack, kocsismate)
. Fixed bug #81227 (PDO::inTransaction reports false when in transaction).
(nielsdos)
. Added custom SQL parser. (Matteo Beccati)

- PHPDBG:
. array out of bounds, stack overflow handled for segfault handler on windows.
(David Carlier)
. Fixed bug GH-16041 (Support stack limit in phpdbg). (Arnaud)

- PGSQL:
. Added the possibility to have no conditions for pg_select. (OmarEmaraDev)
. Persistent connections support the PGSQL_CONNECT_FORCE_RENEW flag.
(David Carlier)
. Added pg_result_memory_size to get the query result memory usage.
(KentarouTakeda)
. Added pg_change_password to alter an user's password. (David Carlier)
. Added pg_put_copy_data/pg_put_copy_end to send COPY commands and signal
the end of the COPY. (David Carlier)
. Added pg_socket_poll to poll on the connection. (David Carlier)
. Added pg_jit to get infos on server JIT support. (David Carlier)
. Added pg_set_chunked_rows_size to fetch results per chunk. (David Carlier)
. pg_convert/pg_insert/pg_update/pg_delete ; regexes are now cached.
(David Carlier)

- Phar:
. Fixed bug GH-12532 (PharData created from zip has incorrect timestamp).
(nielsdos)

- POSIX:
. Added POSIX_SC_CHILD_MAX and POSIX_SC_CLK_TCK constants. (Jakub Zelenka)
. Updated posix_isatty to set the error number on file descriptors.
(David Carlier)

- PSpell:
. Moved to PECL. (Derick Rethans)

- Random:
. Fixed bug GH-15094 (php_random_default_engine() is not C++ conforming).
(cmb)
. lcg_value() is now deprecated. (timwolla)

- Readline:
. Fixed readline_info, rl_line_buffer_length/rl_len globals on update.
(David Carlier)
. Fixed bug #51558 (Shared readline build fails). (Peter Kokot)
. Fixed UAF with readline_info(). (David Carlier)

- Reflection:
. Implement GH-12908 (Show attribute name/class in ReflectionAttribute dump).
(nielsdos)
. Make ReflectionGenerator::getFunction() legal after generator termination.
(timwolla)
. Added ReflectionGenerator::isClosed(). (timwolla)
. Fixed bug GH-15718 (Segfault on ReflectionProperty::get{Hook,Hooks}() on
dynamic properties). (DanielEScherzer)
. Fixed bug GH-15694 (ReflectionProperty::isInitialized() is incorrect for
hooked properties). (ilutov)
. Add missing ReflectionProperty::hasHook[s]() methods. (ilutov)
. Add missing ReflectionProperty::isFinal() method. (ilutov)
. Fixed bug GH-16122 (The return value of ReflectionFunction::getNamespaceName()
and ReflectionFunction::inNamespace() for closures is incorrect). (timwolla)
. Fixed bug GH-16162 (No ReflectionProperty::IS_VIRTUAL) (DanielEScherzer)
. Fixed the name of the second parameter of
ReflectionClass::resetAsLazyGhost(). (Arnaud)

- Session:
. INI settings session.sid_length and session.sid_bits_per_character are now
deprecated. (timwolla)
. Emit warnings for non-positive values of session.gc_divisor and negative values
of session.gc_probability. (Jorg Sowa)
. Fixed bug GH-16590 (UAF in session_encode()). (nielsdos)

- SimpleXML:
. Fix signature of simplexml_import_dom(). (nielsdos)

- SNMP:
. Removed the deprecated inet_ntoa call support. (David Carlier)

- SOAP:
. Add support for clark notation for namespaces in class map. (lxShaDoWxl)
. Mitigate #51561 (SoapServer with a extented class and using sessions,
lost the setPersistence()). (nielsdos)
. Fixed bug #49278 (SoapClient::__getLastResponseHeaders returns NULL if
wsdl operation !has output). (nielsdos)
. Fixed bug #44383 (PHP DateTime not converted to xsd:datetime). (nielsdos)
. Fixed bug GH-11941 (soap with session persistence will silently fail when
"session" built as a shared object). (nielsdos)
. Passing an int to SoapServer::addFunction() is now deprecated.
If all PHP functions need to be provided flatten the array returned by
get_defined_functions(). (Girgias)
. The SOAP_FUNCTIONS_ALL constant is now deprecated. (Girgias)
. Fixed bug #61525 (SOAP functions require at least one space after HTTP
header colon). (nielsdos)
. Implement request #47317 (SoapServer::__getLastResponse()). (nielsdos)

- Sockets:
. Removed the deprecated inet_ntoa call support. (David Carlier)
. Added the SO_EXECLUSIVEADDRUSE windows constant. (David Carlier)
. Added the SOCK_CONN_DGRAM/SOCK_DCCP netbsd constants. (David Carlier)
. Added multicast group support for ipv4 on FreeBSD. (jonathan@tangential.ca)
. Added the TCP_SYNCNT constant for Linux to set number of attempts to send
SYN packets from the client. (David Carlier)
. Added the SO_EXCLBIND constant for exclusive socket binding on illumos/solaris.
(David Carlier)
. Updated the socket_create_listen backlog argument default value to SOMAXCONN.
(David Carlier)
. Added the SO_NOSIGPIPE constant to control the generation of SIGPIPE for
macOs and FreeBSD. (David Carlier)
. Added SO_LINGER_SEC for macOs, true equivalent of SO_LINGER in other platforms.
(David Carlier)
. Add close-on-exec on socket created with socket_accept on unixes. (David Carlier)
. Added IP_PORTRANGE* constants for BSD systems to control ephemeral port
ranges. (David Carlier)
. Added SOCK_NONBLOCK/SOCK_CLOEXEC constants for socket_create and
socket_create_pair to apply O_NONBLOCK/O_CLOEXEC flags to the
newly created sockets. (David Carlier)
. Added SO_BINDTOIFINDEX to bind a socket to an interface index.
(David Carlier)

- Sodium:
. Add support for AEGIS-128L and AEGIS-256. (jedisct1)
. Enable AES-GCM on aarch64 with the ARM crypto extensions. (jedisct1)

- SPL:
. Implement SeekableIterator for SplObjectStorage. (nielsdos)
. The SplFixedArray::__wakeup() method has been deprecated as it implements
__serialize() and __unserialize() which need to be overwritten instead.
(TysonAndre)
. Passing a non-empty string for the $escape parameter of:
- SplFileObject::setCsvControl()
- SplFileObject::fputcsv()
- SplFileObject::fgetcsv()
is now deprecated. (Girgias)

- Standard:
. Implement GH-12188 (Indication for the int size in phpinfo()). (timwolla)
. Partly fix GH-12143 (Incorrect round() result for 0.49999999999999994).
(timwolla)
. Fix GH-12252 (round(): Validate the rounding mode). (timwolla)
. Increase the default BCrypt cost to 12. (timwolla)
. Fixed bug GH-12592 (strcspn() odd behaviour with NUL bytes and empty mask).
(nielsdos)
. Removed the deprecated inet_ntoa call support. (David Carlier)
. Cast large floats that are within int range to int in number_format so
the precision is not lost. (Marc Bennewitz)
. Add support for 4 new rounding modes to the round() function. (Jorg Sowa)
. debug_zval_dump() now indicates whether an array is packed. (Max Semenik)
. Fix GH-12143 (Optimize round). (SakiTakamachi)
. Changed return type of long2ip to string from string|false. (Jorg Sowa)
. Fix GH-12143 (Extend the maximum precision round can handle by one digit).
(SakiTakamachi)
. Added the http_get_last_response_headers() and
http_clear_last_response_headers() that allows retrieving the same content
as the magic $http_response_header variable.
. Add php_base64_encode_ex() API. (Remi)
. Implemented "Raising zero to the power of negative number" RFC. (Jorg Sowa)
. Added array_find(), array_find_key(), array_all(), and array_any(). (josh)
. Change highlight_string() and print_r() return type to string|true. (Ayesh)
. Fix references in request_parse_body() options array. (nielsdos)
. Add RoundingMode enum. (timwolla, saki)
. Unserializing the uppercase 'S' tag is now deprecated. (timwolla)
. Enables crc32 auxiliary detection on OpenBSD. (David Carlier)
. Passing a non-empty string for the $escape parameter of:
- fputcsv()
- fgetcsv()
- str_getcsv()
is now deprecated. (Girgias)
. The str_getcsv() function now throws ValueErrors when the $separator and
$enclosure arguments are not one byte long, or if the $escape is not one
byte long or the empty string. This aligns the behaviour to be identical
to that of fputcsv() and fgetcsv(). (Girgias)
. php_uname() now throws ValueErrors on invalid inputs. (Girgias)
. The "allowed_classes" option for unserialize() now throws TypeErrors and
ValueErrors if it is not an array of class names. (Girgias)
. Implemented GH-15685 (improve proc_open error reporting on Windows). (cmb)
. Add support for backed enums in http_build_query(). (ilutov)
. Fixed bug GH-15982 (Assertion failure with array_find when references are
involved). (nielsdos)
. Fixed parameter names of fpow() to be identical to pow(). (Girgias)

- Streams:
. Implemented GH-15155 (Stream context is lost when custom stream wrapper is
being filtered). (Quentin Dreyer)

- Tidy:
. Failures in the constructor now throw exceptions rather than emitting
warnings and having a broken object. (nielsdos)
. Add tidyNode::getNextSibling() and tidyNode::getPreviousSibling().
(nielsdos)

- Windows:
. Update the icon of the Windows executables, e.g. php.exe. (Ayesh,
Nurudin Imširović)
. Fixed bug GH-16199 (GREP_HEADER() is broken). (Peter Kokot)

- XML:
. Added XML_OPTION_PARSE_HUGE parser option. (nielsdos)
. Fixed bug #81481 (xml_get_current_byte_index limited to 32-bit numbers on
64-bit builds). (nielsdos)
. The xml_set_object() function has been deprecated. (Girgias)
. Passing non-callable strings to the xml_set_*_handler() functions is now
deprecated. (Girgias)

- XMLReader:
. Declares class constant types. (Ayesh)
. Add XMLReader::fromStream(), XMLReader::fromUri(), XMLReader::fromString(). (nielsdos)
. Fixed bug GH-15123 (var_dump doesn't actually work on XMLReader).
(nielsdos)

- XMLWriter:
. Add XMLWriter::toStream(), XMLWriter::toUri(), XMLWriter::toMemory(). (nielsdos)

- XSL:
. Implement request #64137 (XSLTProcessor::setParameter() should allow both
quotes to be used). (nielsdos)
. Implemented "Improve callbacks in ext/dom and ext/xsl" RFC. (nielsdos)
. Added XSLTProcessor::$maxTemplateDepth and XSLTProcessor::$maxTemplateVars.
(nielsdos)
. Fix trampoline leak in xpath callables. (nielsdos)

- Zip:
. Added ZipArchive::ER_TRUNCATED_ZIP added in libzip 1.11. (Remi)

php-8.3.14

- CLI:
. Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server started through shebang). (ilutov)
. Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface). (nielsdos)

- COM:
. Fixed out of bound writes to SafeArray data. (cmb)

- Core:
. Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled with Xcode 16 clang on macOS 15). (nielsdos)
. Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646). (Arnaud)
. Fixed bug GH-16515 (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for call trampoline). (ilutov)
. Fixed bug GH-16509 (Incorrect line number in function redeclaration error). (ilutov)
. Fixed bug GH-16508 (Incorrect line number in inheritance errors of delayed early bound classes). (ilutov)
. Fixed bug GH-16648 (Use-after-free during array sorting). (ilutov)

- Curl:
. Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if curl_multi_add_handle fails). (timwolla)

- Date:
. Fixed bug GH-16454 (Unhandled INF in date_sunset() with tiny $utcOffset). (cmb)
. Fixed bug GH-14732 (date_sun_info() fails for non-finite values). (cmb)

- DBA:
. Fixed bug GH-16390 (dba_open() can segfault for "pathless" streams). (cmb)

- DOM:
. Fixed bug GH-16316 (DOMXPath breaks when not initialized properly). (nielsdos)
. Add missing hierarchy checks to replaceChild. (nielsdos)
. Fixed bug GH-16336 (Attribute intern document mismanagement). (nielsdos)
. Fixed bug GH-16338 (Null-dereference in ext/dom/node.c). (nielsdos)
. Fixed bug GH-16473 (dom_import_simplexml stub is wrong). (nielsdos)
. Fixed bug GH-16533 (Segfault when adding attribute to parent that is not an element). (nielsdos)
. Fixed bug GH-16535 (UAF when using document as a child). (nielsdos)
. Fixed bug GH-16593 (Assertion failure in DOM->replaceChild). (nielsdos)
. Fixed bug GH-16595 (Another UAF in DOM -> cloneNode). (nielsdos)

- EXIF:
. Fixed bug GH-16409 (Segfault in exif_thumbnail when not dealing with a real file). (nielsdos, cmb)

- FFI:
. Fixed bug GH-16397 (Segmentation fault when comparing FFI object).
(nielsdos)

- Filter:
. Fixed bug GH-16523 (FILTER_FLAG_HOSTNAME accepts ending hyphen). (cmb)

- FPM:
. Fixed bug GH-16628 (FPM logs are getting corrupted with this log statement). (nielsdos)

- GD:
. Fixed bug GH-16334 (imageaffine overflow on matrix elements). (David Carlier)
. Fixed bug GH-16427 (Unchecked libavif return values). (cmb)
. Fixed bug GH-16559 (UBSan abort in ext/gd/libgd/gd_interpolation.c:1007).
(nielsdos)

- GMP:
. Fixed floating point exception bug with gmp_pow when using large exposant values. (David Carlier).
. Fixed bug GH-16411 (gmp_export() can cause overflow). (cmb)
. Fixed bug GH-16501 (gmp_random_bits() can cause overflow). (David Carlier)
. Fixed gmp_pow() overflow bug with large base/exponents. (David Carlier)
. Fixed segfaults and other issues related to operator overloading with GMP objects. (Girgias)

- LDAP:
. Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932) (nielsdos)

- MBstring:
. Fixed bug GH-16361 (mb_substr overflow on start/length arguments). (David Carlier)

- MySQLnd:
. Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929) (Jakub Zelenka)

- Opcache:
. Fixed bug GH-16408 (Array to string conversion warning emitted in optimizer). (ilutov)

- OpenSSL:
. Fixed bug GH-16357 (openssl may modify member types of certificate arrays). (cmb)
. Fixed bug GH-16433 (Large values for openssl_csr_sign() $days overflow). (cmb)
. Fix various memory leaks on error conditions in openssl_x509_parse(). (nielsdos)

- PDO DBLIB:
. Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236) (nielsdos)

- PDO Firebird:
. Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236) (nielsdos)

- PDO ODBC:
. Fixed bug GH-16450 (PDO_ODBC can inject garbage into field values). (cmb)

- Phar:
. Fixed bug GH-16406 (Assertion failure in ext/phar/phar.c:2808). (nielsdos)

- PHPDBG:
. Fixed bug GH-16174 (Empty string is an invalid expression for ev). (cmb)

- Reflection:
. Fixed bug GH-16601 (Memory leak in Reflection constructors). (nielsdos)

- Session:
. Fixed bug GH-16385 (Unexpected null returned by session_set_cookie_params). (nielsdos)
. Fixed bug GH-16290 (overflow on cookie_lifetime ini value). (David Carlier)

- SOAP:
. Fixed bug GH-16318 (Recursive array segfaults soap encoding). (nielsdos)
. Fixed bug GH-16429 (Segmentation fault access null pointer in SoapClient). (nielsdos)

- Sockets:
. Fixed bug with overflow socket_recvfrom $length argument. (David Carlier)

- SPL:
. Fixed bug GH-16337 (Use-after-free in SplHeap). (nielsdos)
. Fixed bug GH-16464 (Use-after-free in SplDoublyLinkedList::offsetSet()). (ilutov)
. Fixed bug GH-16479 (Use-after-free in SplObjectStorage::setInfo()). (ilutov)
. Fixed bug GH-16478 (Use-after-free in SplFixedArray::unset()). (ilutov)
. Fixed bug GH-16588 (UAF in Observer->serialize). (nielsdos)
. Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed SplFileObject::__constructor). (Girgias)
. Fixed bug GH-16589 (UAF in SplDoublyLinked->serialize()). (nielsdos)
. Fixed bug GH-14687 (segfault on SplObjectIterator instance). (David Carlier)
. Fixed bug GH-16604 (Memory leaks in SPL constructors). (nielsdos)
. Fixed bug GH-16646 (UAF in ArrayObject::unset() and ArrayObject::exchangeArray()). (ilutov)

- Standard:
. Fixed bug GH-16293 (Failed assertion when throwing in assert() callback with bail enabled). (ilutov)

- Streams:
. Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234) (Jakub Zelenka)
. Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233) (nielsdos)

- SysVMsg:
. Fixed bug GH-16592 (msg_send() crashes when a type does not properly serialized). (David Carlier / cmb)

- SysVShm:
. Fixed bug GH-16591 (Assertion error in shm_put_var). (nielsdos, cmb)

- XMLReader:
. Fixed bug GH-16292 (Segmentation fault in ext/xmlreader/php_xmlreader.c). (nielsdos)

- Zlib:
. Fixed bug GH-16326 (Memory management is broken for bad dictionaries.) (cmb)

php-8.2.26

- CLI:
. Fixed bug GH-16373 (Shebang is not skipped for router script in cli-server
started through shebang). (ilutov)
. Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data
Processing in CLI SAPI Interface). (nielsdos)

- COM:
. Fixed out of bound writes to SafeArray data. (cmb)

- Core:
. Fixed bug GH-16168 (php 8.1 and earlier crash immediately when compiled
with Xcode 16 clang on macOS 15). (nielsdos)
. Fixed bug GH-16371 (Assertion failure in Zend/zend_weakrefs.c:646). (Arnaud)
. Fixed bug GH-16515 (Incorrect propagation of ZEND_ACC_RETURN_REFERENCE for
call trampoline). (ilutov)
. Fixed bug GH-16509 (Incorrect line number in function redeclaration error).
(ilutov)
. Fixed bug GH-16508 (Incorrect line number in inheritance errors of delayed
early bound classes). (ilutov)
. Fixed bug GH-16648 (Use-after-free during array sorting). (ilutov)

- Curl:
. Fixed bug GH-16302 (CurlMultiHandle holds a reference to CurlHandle if
curl_multi_add_handle fails). (timwolla)

- Date:
. Fixed bug GH-16454 (Unhandled INF in date_sunset() with tiny $utcOffset).
(cmb)
. Fixed bug GH-16037 (Assertion failure in ext/date/php_date.c). (Derick)
. Fixed bug GH-14732 (date_sun_info() fails for non-finite values). (cmb)

- DBA:
. Fixed bug GH-16390 (dba_open() can segfault for "pathless" streams). (cmb)

- DOM:
. Fixed bug GH-16316 (DOMXPath breaks when not initialized properly).
(nielsdos)
. Fixed bug GH-16473 (dom_import_simplexml stub is wrong). (nielsdos)
. Fixed bug GH-16533 (Segfault when adding attribute to parent that is not
an element). (nielsdos)
. Fixed bug GH-16535 (UAF when using document as a child). (nielsdos)
. Fixed bug GH-16593 (Assertion failure in DOM->replaceChild). (nielsdos)
. Fixed bug GH-16595 (Another UAF in DOM -> cloneNode). (nielsdos)

- EXIF:
. Fixed bug GH-16409 (Segfault in exif_thumbnail when not dealing with a
real file). (nielsdos, cmb)

- FFI:
. Fixed bug GH-16397 (Segmentation fault when comparing FFI object).
(nielsdos)

- Filter:
. Fixed bug GH-16523 (FILTER_FLAG_HOSTNAME accepts ending hyphen). (cmb)

- FPM:
. Fixed bug GH-16628 (FPM logs are getting corrupted with this log
statement). (nielsdos)

- GD:
. Fixed bug GH-16334 (imageaffine overflow on matrix elements).
(David Carlier)
. Fixed bug GH-16427 (Unchecked libavif return values). (cmb)
. Fixed bug GH-16559 (UBSan abort in ext/gd/libgd/gd_interpolation.c:1007).
(nielsdos)

- GMP:
. Fixed floating point exception bug with gmp_pow when using
large exposant values. (David Carlier).
. Fixed bug GH-16411 (gmp_export() can cause overflow). (cmb)
. Fixed bug GH-16501 (gmp_random_bits() can cause overflow).
(David Carlier)
. Fixed gmp_pow() overflow bug with large base/exponents.
(David Carlier)
. Fixed segfaults and other issues related to operator overloading with
GMP objects. (Girgias)

- LDAP:
. Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932)
(nielsdos)

- MBstring:
. Fixed bug GH-16361 (mb_substr overflow on start/length arguments).
(David Carlier)

- MySQLnd:
. Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through
heap buffer over-read). (CVE-2024-8929) (Jakub Zelenka)

- OpenSSL:
. Fixed bug GH-16357 (openssl may modify member types of certificate arrays).
(cmb)
. Fixed bug GH-16433 (Large values for openssl_csr_sign() $days overflow).
(cmb)
. Fix various memory leaks on error conditions in openssl_x509_parse().
(nielsdos)

- PDO DBLIB:
. Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing
OOB writes). (CVE-2024-11236) (nielsdos)

- PDO Firebird:
. Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter
causing OOB writes). (CVE-2024-11236) (nielsdos)

- PDO ODBC:
. Fixed bug GH-16450 (PDO_ODBC can inject garbage into field values). (cmb)

- Phar:
. Fixed bug GH-16406 (Assertion failure in ext/phar/phar.c:2808). (nielsdos)

- PHPDBG:
. Fixed bug GH-16174 (Empty string is an invalid expression for ev). (cmb)

- Reflection:
. Fixed bug GH-16601 (Memory leak in Reflection constructors). (nielsdos)

- Session:
. Fixed bug GH-16385 (Unexpected null returned by session_set_cookie_params).
(nielsdos)
. Fixed bug GH-16290 (overflow on cookie_lifetime ini value).
(David Carlier)

- SOAP:
. Fixed bug GH-16429 (Segmentation fault access null pointer in SoapClient).
(nielsdos)

- Sockets:
. Fixed bug with overflow socket_recvfrom $length argument. (David Carlier)

- SPL:
. Fixed bug GH-16337 (Use-after-free in SplHeap). (nielsdos)
. Fixed bug GH-16464 (Use-after-free in SplDoublyLinkedList::offsetSet()).
(ilutov)
. Fixed bug GH-16479 (Use-after-free in SplObjectStorage::setInfo()). (ilutov)
. Fixed bug GH-16478 (Use-after-free in SplFixedArray::unset()). (ilutov)
. Fixed bug GH-16588 (UAF in Observer->serialize). (nielsdos)
. Fix GH-16477 (Segmentation fault when calling __debugInfo() after failed
SplFileObject::__constructor). (Girgias)
. Fixed bug GH-16589 (UAF in SplDoublyLinked->serialize()). (nielsdos)
. Fixed bug GH-14687 (segfault on SplObjectIterator instance).
(David Carlier)
. Fixed bug GH-16604 (Memory leaks in SPL constructors). (nielsdos)
. Fixed bug GH-16646 (UAF in ArrayObject::unset() and
ArrayObject::exchangeArray()). (ilutov)

- Standard:
. Fixed bug GH-16293 (Failed assertion when throwing in assert() callback with
bail enabled). (ilutov)

- Streams:
. Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context
might allow for CRLF injection in URIs). (CVE-2024-11234) (Jakub Zelenka)
. Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with
convert.quoted-printable-decode filter). (CVE-2024-11233) (nielsdos)

- SysVMsg:
. Fixed bug GH-16592 (msg_send() crashes when a type does not properly
serialized). (David Carlier / cmb)

- SysVShm:
. Fixed bug GH-16591 (Assertion error in shm_put_var). (nielsdos, cmb)

- XMLReader:
. Fixed bug GH-16292 (Segmentation fault in ext/xmlreader/php_xmlreader.c).
(nielsdos)

- Zlib:
. Fixed bug GH-16326 (Memory management is broken for bad dictionaries.)
(cmb)

php-8.1.31, 8.0.30-10, 7.4.33-16, 7.3.33-22, 7.2.34-52, 7.1.33-65, 7.0.33-77, 5.6.40-79

- CLI:
. Fixed bug GHSA-4w77-75f9-2c8w (Heap-Use-After-Free in sapi_read_post_data Processing in CLI SAPI Interface). (nielsdos)

- LDAP:
. Fixed bug GHSA-g665-fm4p-vhff (OOB access in ldap_escape). (CVE-2024-8932) (nielsdos)

- MySQLnd:
. Fixed bug GHSA-h35g-vwh6-m678 (Leak partial content of the heap through heap buffer over-read). (CVE-2024-8929) (Jakub Zelenka)

- PDO DBLIB:
. Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the dblib quoter causing OOB writes). (CVE-2024-11236) (nielsdos)

- PDO Firebird:
. Fixed bug GHSA-5hqh-c84r-qjcv (Integer overflow in the firebird quoter causing OOB writes). (CVE-2024-11236) (nielsdos)

- Streams:
. Fixed bug GHSA-c5f2-jwm7-mmq2 (Configuring a proxy in a stream context might allow for CRLF injection in URIs). (CVE-2024-11234) (Jakub Zelenka)
. Fixed bug GHSA-r977-prxv-hc43 (Single byte overread with convert.quoted-printable-decode filter). (CVE-2024-11233) (nielsdos)

Screenshot_from_2024_09_28_15_15_27

PHP Packages
Issues Tracker