PHP 7 ChangeLog
7.4 | 7.3 | 7.2 | 7.1 | 7.0
Version 7.4.33
03 Nov 2022
GD:
Fixed bug #81739 : OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)
Hash:
Fixed bug #81738 : buffer overflow in hash_update() on long parameter. (CVE-2022-37454)
Version 7.4.32
29 Sep 2022
Core:
Fixed bug #81726 : phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)
Fixed bug #81727 : Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)
Version 7.4.30
09 Jun 2022
mysqlnd:
Fixed bug #81719 : mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
pgsql:
Fixed bug #81720 : Uninitialized array in pg_query_params(). (CVE-2022-31625)
Version 7.4.29
14 Apr 2022
Core:
No source changes to this release. This update allows for re-building the
Windows binaries against upgraded dependencies which have received security
updates.
Date:
Updated to latest IANA timezone database (2022a).
Version 7.4.28
17 Feb 2022
Filter:
Fix #81708: UAF due to php_filter_float() failing for ints (CVE-2021-21708)
Version 7.4.27
16 Dec 2021
Core:
Fixed bug #81626 (Error on use static:: in __сallStatic() wrapped to Closure::fromCallable()).
FPM:
Fixed bug #81513 (Future possibility for heap overflow in FPM zlog).
GD:
Fixed bug #71316 (libpng warning from imagecreatefromstring).
OpenSSL:
Fixed bug #75725 (./configure: detecting RAND_egd).
PCRE:
Fixed bug #74604 (Out of bounds in php_pcre_replace_impl).
Standard:
Fixed bug #81618 (dns_get_record fails on FreeBSD for missing type).
Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate).
Version 7.4.26
18 Nov 2021
Core:
Fixed bug #81518 (Header injection via default_mimetype / default_charset).
Date:
Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
MBString:
Fixed bug #76167 (mbstring may use pointer from some previous request).
MySQLi:
Fixed bug #81494 (Stopped unbuffered query does not throw error).
PCRE:
Fixed bug #81424 (PCRE2 10.35 JIT performance regression).
Streams:
Fixed bug #54340 (Memory corruption with user_filter).
XML:
Fixed bug #79971 (special character is breaking the path in xml function). (CVE-2021-21707)
Version 7.4.25
21 Oct 2021
DOM:
Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID).
FFI:
Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not defined).
Fileinfo:
Fixed bug #78987 (High memory usage during encoding detection).
Filter:
Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).
FPM:
Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege escalation) (CVE-2021-21703).
SPL:
Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free).
Streams:
Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper).
XML:
Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace).
Zip:
Fixed bug #81490 (ZipArchive::extractTo() may leak memory).
Fixed bug #77978 (Dirname ending in colon unzips to wrong dir).
Version 7.4.24
23 Sep 2021
Core:
Fixed bug #81302 (Stream position after stream filter removed).
Fixed bug #81346 (Non-seekable streams don't update position after write).
Fixed bug #73122 (Integer Overflow when concatenating strings).
GD:
Fixed bug #53580 (During resize gdImageCopyResampled cause colors change).
Opcache:
Fixed bug #81353 (segfault with preloading and statically bound closure).
Shmop:
Fixed bug #81407 (shmop_open won't attach and causes php to crash).
Standard:
Fixed bug #71542 (disk_total_space does not work with relative paths).
Fixed bug #81400 (Unterminated string in dns_get_record() results).
SysVMsg:
Fixed bug #78819 (Heap Overflow in msg_send).
XML:
Fixed bug #81351 (xml_parse may fail, but has no error code).
Zip:
Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination). (CVE-2021-21706)
Version 7.4.23
26 Aug 2021
Core:
Fixed bug #72595 (php_output_handler_append illegal write access).
Fixed bug #66719 (Weird behaviour when using get_called_class() with call_user_func()).
Fixed bug #81305 (Built-in Webserver Drops Requests With "Upgrade" Header).
BCMath:
Fixed bug #78238 (BCMath returns "-0").
CGI:
Fixed bug #80849 (HTTP Status header truncation).
GD:
Fixed bug #51498 (imagefilledellipse does not work for large circles).
MySQLi:
Fixed bug #74544 (Integer overflow in mysqli_real_escape_string()).
OpenSSL:
Fixed bug #81327 (Error build openssl extension on php 7.4.22).
PDO_ODBC:
Fixed bug #81252 (PDO_ODBC doesn't account for SQL_NO_TOTAL).
Phar:
Fixed bug #81211 : Symlinks are followed when creating PHAR archive.(cmb)
Shmop:
Fixed bug #81283 (shmop can't read beyond 2147483647 bytes).
Standard:
Fixed bug #72146 (Integer overflow on substr_replace).
Fixed bug #81265 (getimagesize returns 0 for 256px ICO images).
Fixed bug #74960 (Heap buffer overflow via str_repeat).
Streams:
Fixed bug #81294 (Segfault when removing a filter).
Version 7.4.22
29 Jul 2021
Core:
Fixed bug #81145 (copy() and stream_copy_to_stream() fail for +4GB files).
Fixed bug #81163 (incorrect handling of indirect vars in __sleep).
Fixed bug #80728 (PHP built-in web server resets timeout when it can kill the process).
Fixed bug #73630 (Built-in Webserver - overwrite $_SERVER['request_uri']).
Fixed bug #80173 (Using return value of zend_assign_to_variable() is not safe).
Fixed bug #73226 (--r[fcez] always return zero exit code).
Intl:
Fixed bug #72809 (Locale::lookup() wrong result with canonicalize option).
Fixed bug #68471 (IntlDateFormatter fails for "GMT+00:00" timezone).
Fixed bug #74264 (grapheme_strrpos() broken for negative offsets).
OpenSSL:
Fixed bug #52093 (openssl_csr_sign truncates $serial).
PCRE:
Fixed bug #81101 (PCRE2 10.37 shows unexpected result).
Fixed bug #81243 (Too much memory is allocated for preg_replace()).
Standard:
Fixed bug #81223 (flock() only locks first byte of file).
Version 7.4.21
01 Jul 2021
Core:
Fixed bug #81068 (Double free in realpath_cache_clean()).
Fixed bug #76359 (open_basedir bypass through adding "..").
Fixed bug #81090 (Typed property performance degradation with .= operator).
Fixed bug #81070 (Integer underflow in memory limit comparison).
Fixed bug #81122 (SSRF bypass in FILTER_VALIDATE_URL). (CVE-2021-21705)
Bzip2:
Fixed bug #81092 (fflush before stream_filter_remove corrupts stream).
OpenSSL:
Fixed bug #76694 (native Windows cert verification uses CN as server name).
PDO_Firebird:
Fixed bug #76448 (Stack buffer overflow in firebird_info_cb). (CVE-2021-21704)
Fixed bug #76449 (SIGSEGV in firebird_handle_doer). (CVE-2021-21704)
Fixed bug #76450 (SIGSEGV in firebird_stmt_execute). (CVE-2021-21704)
Fixed bug #76452 (Crash while parsing blob data in firebird_fetch_blob). (CVE-2021-21704)
Standard:
Fixed bug #81048 (phpinfo(INFO_VARIABLES) "Array to string conversion").
Version 7.4.20
03 Jun 2021
Core:
Fixed bug #80929 (Method name corruption related to repeated calls to call_user_func_array).
Fixed bug #80960 (opendir() warning wrong info when failed on Windows).
Fixed bug #67792 (HTTP Authorization schemes are treated as case-sensitive).
Fixed bug #80972 (Memory exhaustion on invalid string offset).
FPM:
Fixed bug #65800 (Events port mechanism).
FTP:
Fixed bug #80901 (Info leak in ftp extension).
Fixed bug #79100 (Wrong FTP error messages).
GD:
Fixed bug #81032 (GD install is affected by external libgd installation).
MBString:
Fixed bug #81011 (mb_convert_encoding removes references from arrays).
ODBC:
Fixed bug #80460 (ODBC doesn't account for SQL_NO_TOTAL indicator).
PDO_MySQL:
Fixed bug #81037 (PDO discards error message text from prepared statement).
PDO_ODBC:
Fixed bug #44643 (bound parameters ignore explicit type definitions).
pgsql:
Fixed php_pgsql_fd_cast() wrt. php_stream_can_cast().
SPL:
Fixed bug #80933 (SplFileObject::DROP_NEW_LINE is broken for NUL and CR).
Opcache:
Fixed bug #80900 (switch statement behavior inside function).
Fixed bug #81015 (Opcache optimization assumes wrong part of ternary operator in if-condition).
XMLReader:
Fixed bug #73246 (XMLReader: encoding length not checked).
Zip:
Fixed bug #80863 (ZipArchive::extractTo() ignores references).
Version 7.4.19
06 May 2021
PDO_pgsql:
Reverted bug fix for #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).
Version 7.4.18
29 Apr 2021
Core:
Fixed bug #80781 (Error handler that throws ErrorException infinite loop).
Fixed bug #75776 (Flushing streams with compression filter is broken).
Dba:
Fixed bug #80817 (dba_popen() may cause segfault during RSHUTDOWN).
DOM:
Fixed bug #66783 (UAF when appending DOMDocument to element).
FPM:
Fixed bug #80024 (Duplication of info about inherited socket after pool removing).
FTP:
Fixed bug #80880 (SSL_read on shutdown, ftp/proc_open).
Imap:
Fixed bug #80710 (imap_mail_compose() header injection).
Intl:
Fixed bug #80763 (msgfmt_format() does not accept DateTime references).
LibXML:
Fixed bug #51903 (simplexml_load_file() doesn't use HTTP headers).
Fixed bug #73533 (Invalid memory access in php_libxml_xmlCheckUTF8).
MySQLnd:
Fixed bug #80713 (SegFault when disabling ATTR_EMULATE_PREPARES and MySQL 8.0).
Fixed bug #80837 (Calling stmt_store_result after fetch doesn't throw an error).
Fixed bug #78680 (mysqlnd's mysql_clear_password does not transmit null-terminated password).
Opcache:
Fixed bug #80805 (create simple class and get error in opcache.so).
Fixed bug #80950 (Variables become null in if statements).
Pcntl:
Fixed bug #79812 (Potential integer overflow in pcntl_exec()).
PCRE:
Fixed bug #80866 (preg_split ignores limit flag when pattern with \K has 0-width fullstring match).
PDO_ODBC:
Fixed bug #80783 (PDO ODBC truncates BLOB records at every 256th byte).
PDO_pgsql:
Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).
phpdbg:
Fixed bug #80757 (Exit code is 0 when could not open file).
Session:
Fixed bug #80774 (session_name() problem with backslash).
Fixed bug #80889 (Cannot set save handler when save_handler is invalid).
SOAP:
Fixed bug #69668 (SOAP special XML characters in namespace URIs not encoded).
Standard:
Fixed bug #78719 (http wrapper silently ignores long Location headers).
Fixed bug #80771 (phpinfo(INFO_CREDITS) displays nothing in CLI).
Fixed bug #80838 (HTTP wrapper waits for HTTP 1 response after HTTP 101).
Fixed bug #80915 (Taking a reference to $_SERVER hides its values from phpinfo()).
Fixed bug #80654 (file_get_contents() maxlen fails above (2**31)-1 bytes).
MySQLi:
Fixed bug #74779 (x() and y() truncating floats to integers).
OPcache:
Fixed bug #80682 (opcache doesn't honour pcre.jit option).
OpenSSL:
Fixed bug #80747 (Providing RSA key size < 512 generates key that crash PHP).
Phar:
Fixed bug #75850 (Unclear error message wrt. __halt_compiler() w/o semicolon) (cmb)
Fixed bug #70091 (Phar does not mark UTF-8 filenames in ZIP archives).
Fixed bug #53467 (Phar cannot compress large archives).
SPL:
Fixed bug #80719 (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault).
Zip:
Fixed bug #80648 (Fix for bug 79296 should be based on runtime version).
Version 7.4.16
04 Mar 2021
Core:
Fixed bug #80706 (mail(): Headers after Bcc headers may be ignored).
MySQLnd:
Fixed bug #78680 (mysqlnd's mysql_clear_password does not transmit null-terminated password).
MySQLi:
Fixed bug #74779 (x() and y() truncating floats to integers).
OPcache:
Fixed bug #80682 (opcache doesn't honour pcre.jit option).
OpenSSL:
Fixed bug #80747 (Providing RSA key size < 512 generates key that crash PHP).
Phar:
Fixed bug #75850 (Unclear error message wrt. __halt_compiler() w/o semicolon) (cmb)
Fixed bug #70091 (Phar does not mark UTF-8 filenames in ZIP archives).
Fixed bug #53467 (Phar cannot compress large archives).
SPL:
Fixed bug #80719 (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault).
Standard:
Fixed bug #80654 (file_get_contents() maxlen fails above (2**31)-1 bytes).
Zip:
Fixed bug #80648 (Fix for bug 79296 should be based on runtime version).
Version 7.4.15
04 Feb 2021
Core:
Fixed bug #80523 (bogus parse error on >4GB source code).
Fixed bug #80384 (filter buffers entire read until file closed).
Curl:
Fixed bug #80595 (Resetting POSTFIELDS to empty array breaks request).
Date:
Fixed bug #80376 (last day of the month causes runway cpu usage.
MySQLi:
Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to interpret bit columns).
Fixed bug #64638 (Fetching resultsets from stored procedure with cursor fails).
Fixed bug #72862 (segfault using prepared statements on stored procedures that use a cursor).
Fixed bug #77935 (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP with a cursor).
Phar:
Fixed bug #77565 (Incorrect locator detection in ZIP-based phars).
Fixed bug #69279 (Compressed ZIP Phar extractTo() creates garbage files).
SOAP:
Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702)
Version 7.4.14
07 Jan 2021
Core:
Fixed bug #74558 (Can't rebind closure returned by Closure::fromCallable()).
Fixed bug #80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION).
Fixed bug #72964 (White space not unfolded for CC/Bcc headers).
Fixed bug #80362 (Running dtrace scripts can cause php to crash).
Fixed bug #80393 (Build of PHP extension fails due to configuration gap with libtool).
Fixed bug #80402 (configure filtering out -lpthread).
Fixed bug #77069 (stream filter loses final block of data).
Fileinfo:
Fixed bug #77961 (finfo_open crafted magic parsing SIGABRT).
FPM:
Fixed bug #69625 (FPM returns 200 status on request without SCRIPT_FILENAME env).
Intl:
Fixed bug #80425 (MessageFormatAdapter::getArgTypeList redefined).
OpenSSL:
Fixed bug #80368 (OpenSSL extension fails to build against LibreSSL due to lack of OCB support).
Phar:
Fixed bug #73809 (Phar Zip parse crash - mmap fail).
Fixed bug #75102 (`PharData` says invalid checksum for valid tar).
Fixed bug #77322 (PharData::addEmptyDir('/') Possible integer overflow).
PDO MySQL:
Fixed bug #80458 (PDOStatement::fetchAll() throws for upsert queries).
Fixed bug #63185 (nextRowset() ignores MySQL errors with native prepared statements).
Fixed bug #78152 (PDO::exec() - Bad error handling with multiple commands).
Fixed bug #70066 (Unexpected "Cannot execute queries while other unbuffered queries").
Fixed bug #71145 (Multiple statements in init command triggers unbuffered query error).
Fixed bug #76815 (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL).
Standard:
Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)
Fixed bug #80366 (Return Value of zend_fstat() not Checked).
Fixed bug #80411 (References to null-serialized object break serialize()).
Tidy:
Fixed bug #77594 (ob_tidyhandler is never reset).
Zlib:
Fixed bug #48725 (Support for flushing in zlib stream).
Version 7.4.13
26 Nov 2020
Core:
Fixed bug #80280 (ADD_EXTENSION_DEP() fails for ext/standard and ext/date).
Fixed bug #80258 (Windows Deduplication Enabled, randon permission errors).
COM:
Fixed bug #62474 (com_event_sink crashes on certain arguments).
DOM:
Fixed bug #80268 (loadHTML() truncates at NUL bytes).
FFI:
Fixed bug #79177 (FFI doesn't handle well PHP exceptions within callback).
IMAP:
Fixed bug #64076 (imap_sort() does not return FALSE on failure).
Fixed bug #76618 (segfault on imap_reopen).
Fixed bug #80239 (imap_rfc822_write_address() leaks memory).
Fixed minor regression caused by fixing bug #80220 .
Fixed bug #80242 (imap_mail_compose() segfaults for multipart with rfc822).
MySQLi:
Fixed bug #79375 (mysqli_store_result does not report error from lock wait timeout).
Fixed bug #76525 (mysqli::commit does not throw if MYSQLI_REPORT_ERROR enabled and mysqlnd used).
Fixed bug #72413 (mysqlnd segfault (fetch_row second parameter typemismatch)).
ODBC:
Fixed bug #44618 (Fetching may rely on uninitialized data).
Opcache:
Fixed bug #79643 (PHP with Opcache crashes when a file with specific name is included).
Fixed run-time binding of preloaded dynamically declared function.
OpenSSL:
Fixed bug #79983 (openssl_encrypt / openssl_decrypt fail with OCB mode).
PDO MySQL:
Fixed bug #66528 (No PDOException or errorCode if database becomes unavailable before PDO::commit).
Fixed bug #65825 (PDOStatement::fetch() does not throw exception on broken server connection).
SNMP:
Fixed bug #70461 (disable md5 code when it is not supported in net-snmp).
Standard:
Fixed bug #80266 (parse_url silently drops port number 0).
Version 7.4.12
29 Oct 2020
Core:
Fixed bug #80061 (Copying large files may have suboptimal performance).
Fixed bug #79423 (copy command is limited to size of file it can copy).
Fixed bug #80126 (Covariant return types failing compilation).
Fixed bug #80186 (Segfault when iterating over FFI object).
Calendar:
Fixed bug #80185 (jdtounix() fails after 2037).
IMAP:
Fixed bug #80213 (imap_mail_compose() segfaults on certain $bodies).
Fixed bug #80215 (imap_mail_compose() may modify by-val parameters).
Fixed bug #80220 (imap_mail_compose() may leak memory).
Fixed bug #80223 (imap_mail_compose() leaks envelope on malformed bodies).
Fixed bug #80216 (imap_mail_compose() does not validate types/encodings).
Fixed bug #80226 (imap_sort() leaks sortpgm memory).
MySQLnd:
Fixed bug #80115 (mysqlnd.debug doesn't recognize absolute paths with slashes).
Fixed bug #80107 (mysqli_query() fails for ~16 MB long query when compression is enabled).
ODBC:
Fixed bug #78470 (odbc_specialcolumns() no longer accepts $nullable).
Fixed bug #80147 (BINARY strings may not be properly zero-terminated).
Fixed bug #80150 (Failure to fetch error message).
Fixed bug #80152 (odbc_execute() moves internal pointer of $params).
Fixed bug #46050 (odbc_next_result corrupts prepared resource).
OPcache:
Fixed bug #80083 (Optimizer pass 6 removes variables used for ibm_db2 data binding).
Fixed bug #80194 (Assertion failure during block assembly of unreachable free with leading nop).
PCRE:
Updated to PCRE 10.35.
Fixed bug #80118 (Erroneous whitespace match with JIT only).
PDO_ODBC:
Fixed bug #67465 (NULL Pointer dereference in odbc_handle_preparer).
Standard:
Fixed bug #80114 (parse_url does not accept URLs with port 0).
Fixed bug #76943 (Inconsistent stream_wrapper_restore() errors).
Fixed bug #76735 (Incorrect message in fopen on invalid mode).
Tidy:
Fixed bug #77040 (tidyNode::isHtml() is completely broken).
Version 7.4.11
01 Oct 2020
Core:
Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)
Fixed bug #79979 (passing value to by-ref param via CUFA crashes).
Fixed bug #80037 (Typed property must not be accessed before initialization when __get() declared).
Fixed bug #80048 (Bug #69100 has not been fixed for Windows).
Fixed bug #80049 (Memleak when coercing integers to string via variadic argument).
Calendar:
Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
COM:
Fixed bug #64130 (COM obj parameters passed by reference are not updated).
OPcache:
Fixed bug #80002 (calc free space for new interned string is wrong).
Fixed bug #80046 (FREE for SWITCH_STRING optimized away).
Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode handlers changed).
OpenSSL:
Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)
PDO:
Fixed bug #80027 (Terrible performance using $query->fetch on queries with many bind parameters).
SOAP:
Fixed bug #47021 (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").
Standard:
Fixed bug #79986 (str_ireplace bug with diacritics characters).
Fixed bug #80077 (getmxrr test bug).
Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer).
Fixed bug #80067 (Omitting the port in bindto setting errors).
Version 7.4.10
03 Sep 2020
Core:
Fixed bug #79884 (PHP_CONFIG_FILE_PATH is meaningless).
Fixed bug #77932 (File extensions are case-sensitive).
Fixed bug #79806 (realpath() erroneously resolves link to link).
Fixed bug #79895 (PHP_CHECK_GCC_ARG does not allow flags with equal sign).
Fixed bug #79919 (Stack use-after-scope in define()).
Fixed bug #79934 (CRLF-only line in heredoc causes parsing error).
Fixed bug #79947 (Memory leak on invalid offset type in compound assignment).
COM:
Fixed bug #48585 (com_load_typelib holds reference, fails on second call).
Exif:
Fixed bug #75785 (Many errors from exif_read_data).
Gettext:
Fixed bug #70574 (Tests fail due to relying on Linux fallback behavior for gettext()).
LDAP:
OPcache:
Fixed bug #73060 (php failed with error after temp folder cleaned up).
Fixed bug #79917 (File cache segfault with a static variable in inherited method).
PDO:
Fixed bug #64705 (errorInfo property of PDOException is null when PDO::__construct() fails).
Session:
Fixed bug #79724 (Return type does not match in ext/session/mod_mm.c).
Standard:
Fixed bug #79930 (array_merge_recursive() crashes when called with array with single reference).
Fixed bug #79944 (getmxrr always returns true on Alpine linux).
Fixed bug #79951 (Memory leak in str_replace of empty string).
XML:
Fixed bug #79922 (Crash after multiple calls to xml_parser_free()).
Version 7.4.9
06 Aug 2020
Apache:
Fixed bug #79030 (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec).
COM:
Fixed bug #63208 (BSTR to PHP string conversion not binary safe).
Fixed bug #63527 (DCOM does not work with Username, Password parameter).
Core:
Fixed bug #79740 (serialize() and unserialize() methods can not be called statically).
Fixed bug #79783 (Segfault in php_str_replace_common).
Fixed bug #79778 (Assertion failure if dumping closure with unresolved static variable).
Fixed bug #79779 (Assertion failure when assigning property of string offset by reference).
Fixed bug #79792 (HT iterators not removed if empty array is destroyed).
Fixed bug #78598 (Changing array during undef index RW error segfaults).
Fixed bug #79784 (Use after free if changing array during undef var during array write fetch).
Fixed bug #79793 (Use after free if string used in undefined index warning is changed).
Fixed bug #79862 (Public non-static property in child should take priority over private static).
Fixed bug #79877 (getimagesize function silently truncates after a null byte) (cmb)
Fileinfo:
Fixed bug #79756 (finfo_file crash (FILEINFO_MIME)).
FTP:
Fixed bug #55857 (ftp_size on large files).
Mbstring:
Fixed bug #79787 (mb_strimwidth does not trim string).
Phar:
Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)
Reflection:
Fixed bug #79487 (::getStaticProperties() ignores property modifications).
Fixed bug #69804 (::getStaticPropertyValue() throws on protected props).
Fixed bug #79820 (Use after free when type duplicated into ReflectionProperty gets resolved).
Standard:
Fixed bug #70362 (Can't copy() large 'data://' with open_basedir).
Fixed bug #78008 (dns_check_record() always return true on Alpine).
Fixed bug #79839 (array_walk() does not respect property types).
Version 7.4.8
09 Jul 2020
Core:
Fixed bug #79595 (zend_init_fpu() alters FPU precision).
Fixed bug #79650 (php-win.exe 100% cpu lockup).
Fixed bug #79668 (get_defined_functions(true) may miss functions).
Fixed bug #79683 (Fake reflection scope affects __toString()).
Fixed possibly unsupported timercmp() usage.
Exif:
Fixed bug #79687 (Sony picture - PHP Warning - Make, Model, MakerNotes).
Fileinfo:
Fixed bug #79681 (mime_content_type/finfo returning incorrect mimetype).
Filter:
Fixed bug #73527 (Invalid memory access in php_filter_strip).
GD:
Fixed bug #79676 (imagescale adds black border with IMG_BICUBIC).
OpenSSL:
Fixed bug #62890 (default_socket_timeout=-1 causes connection to timeout).
PDO SQLite:
Fixed bug #79664 (PDOStatement::getColumnMeta fails on empty result set).
phpdbg:
Fixed bug #73926 (phpdbg will not accept input on restart execution).
Fixed bug #73927 (phpdbg fails with windows error prompt at "watch array").
Fixed several mostly Windows related phpdbg bugs.
SPL:
Fixed bug #79710 (Reproducible segfault in error_handler during GC involved an SplFileObject).
Standard:
Fixed bug #74267 (segfault with streams and invalid data).
Version 7.4.7
11 Jun 2020
Core:
Fixed bug #79599 (coredump in set_error_handler).
Fixed bug #79566 (Private SHM is not private on Windows).
Fixed bug #79489 (.user.ini does not inherit).
Fixed bug #79600 (Regression in 7.4.6 when yielding an array based generator).
Fixed bug #79657 ("yield from" hangs when invalid value encountered).
FFI:
Fixed bug #79571 (FFI: var_dumping unions may segfault).
GD:
Fixed bug #79615 (Wrong GIF header written in GD GIFEncode).
MySQLnd:
Fixed bug #79596 (MySQL FLOAT truncates to int some locales).
Opcache:
Fixed bug #79588 (Boolean opcache settings ignore on/off values).
Fixed bug #79548 (Preloading segfault with inherited method using static variable).
Fixed bug #79603 (RTD collision with opcache).
Standard:
Fixed bug #79561 (dns_get_record() fails with DNS_ALL).
Version 7.4.6
14 May 2020
Core:
Fixed bug #78434 (Generator yields no items after valid() call).
Fixed bug #79477 (casting object into array creates references).
Fixed bug #79514 (Memory leaks while including unexistent file).
Fixed bug #79470 (PHP incompatible with 3rd party file system on demand).
Fixed bug #78784 (Unable to interact with files inside a VFS for Git repository).
Fixed bug #78875 (Long variables cause OOM and temp files are not cleaned). (CVE-2019-11048).
Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048).
DOM:
Fixed bug #78221 (DOMNode::normalize() doesn't remove empty text nodes).
EXIF:
Fixed bug #79336 (ext/exif/tests/bug79046.phpt fails on Big endian arch).
FCGI:
Fixed bug #79491 (Search for .user.ini extends up to root dir).
MBString:
Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
OpenSSL:
Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes with <1s timeout).
PCRE:
Phar:
Fixed bug #79503 (Memory leak on duplicate metadata).
SimpleXML:
Fixed bug #79528 (Different object of the same xml between 7.4.5 and 7.4.4).
SPL:
Fixed bug #69264 (__debugInfo() ignored while extending SPL classes).
Fixed bug #67369 (ArrayObject serialization drops the iterator class).
Standard:
Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).
Fixed bug #79447 (Serializing uninitialized typed properties with __sleep should not throw).
Version 7.4.5
16 Apr 2020
Core:
Fixed bug #79364 (When copy empty array, next key is unspecified).
Fixed bug #78210 (Invalid pointer address).
CURL:
Fixed bug #79199 (curl_copy_handle() memory leak).
Date:
Fixed bug #79396 (DateTime hour incorrect during DST jump forward).
Fixed bug #74940 (DateTimeZone loose comparison always true).
FPM:
Implemented FR #77062 (Allow numeric [UG]ID in FPM listen.{owner,group}) (Andre Nathan)
Iconv:
Fixed bug #79200 (Some iconv functions cut Windows-1258).
OPcache:
Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script).
Session:
Fixed bug #79413 (session_create_id() fails for active sessions).
Shmop:
Fixed bug #79427 (Integer Overflow in shmop_open()).
SimpleXML:
Fixed bug #61597 (SXE properties may lack attributes and content).
SOAP:
Fixed bug #79357 (SOAP request segfaults when any request parameter is missing).
Spl:
Fixed bug #75673 (SplStack::unserialize() behavior).
Fixed bug #79393 (Null coalescing operator failing with SplFixedArray).
Standard:
Fixed bug #79330 (shell_exec() silently truncates after a null byte).
Fixed bug #79410 (system() swallows last chunk if it is exactly 4095 bytes without newline).
Fixed bug #79465 (OOB Read in urldecode()). (CVE-2020-7067)
Zip:
Fixed bug #79296 (ZipArchive::open fails on empty file).
Fixed bug #79424 (php_zip_glob uses gl_pathc after call to globfree).
Version 7.4.4
19 Mar 2020
Core:
Fixed bug #79329 (get_headers() silently truncates after a null byte) (CVE-2020-7066)
Fixed bug #79244 (php crashes during parsing INI file).
Fixed bug #63206 (restore_error_handler does not restore previous errors mask).
COM:
Fixed bug #66322 (COMPersistHelper::SaveToFile can save to wrong location).
Fixed bug #79242 (COM error constants don't match com_exception codes on x86).
Fixed bug #79247 (Garbage collecting variant objects segfaults).
Fixed bug #79248 (Traversing empty VT_ARRAY throws com_exception).
Fixed bug #79299 (com_print_typeinfo prints duplicate variables).
Fixed bug #79332 (php_istreams are never freed).
Fixed bug #79333 (com_print_typeinfo() leaks memory).
CURL:
Fixed bug #79019 (Copied cURL handles upload empty file).
Fixed bug #79013 (Content-Length missing when posting a curlFile with curl).
DOM:
Fixed bug #77569 : (Write Access Violation in DomImplementation).
Fixed bug #79271 (DOMDocumentType::$childNodes is NULL).
Enchant:
Fixed bug #79311 (enchant_dict_suggest() fails on big endian architecture).
EXIF:
Fixed bug #79282 (Use-of-uninitialized-value in exif) (CVE-2020-7064).
Fileinfo:
Fixed bug #79283 (Segfault in libmagic patch contains a buffer overflow).
FPM:
Fixed bug #77653 (operator displayed instead of the real error message).
Fixed bug #79014 (PHP-FPM & Primary script unknown).
MBstring:
Fixed bug #79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full) (CVE-2020-7065).
MySQLi:
Fixed bug #64032 (mysqli reports different client_version).
MySQLnd:
Implemented FR #79275 (Support auth_plugin_caching_sha2_password on Windows).
Opcache:
Fixed bug #79252 (preloading causes php-fpm to segfault during exit).
PCRE:
Fixed bug #79188 (Memory corruption in preg_replace/preg_replace_callback and unicode).
Fixed bug #79241 (Segmentation fault on preg_match()).
Fixed bug #79257 (Duplicate named groups (?J) prefer last alternative even if not matched).
PDO_ODBC:
Fixed bug #79038 (PDOStatement::nextRowset() leaks column values).
Reflection:
Fixed bug #79062 (Property with heredoc default value returns false for getDocComment).
SQLite3:
Fixed bug #79294 (::columnType() may fail after SQLite3Stmt::reset()).
Standard:
Fixed bug #79254 (getenv() w/o arguments not showing changes).
Fixed bug #79265 (Improper injection of Host header when using fopen for http requests).
Zip:
Fixed bug #79315 (ZipArchive::addFile doesn't honor start/length parameters).
Version 7.4.3
20 Feb 2020
Core:
Fixed bug #79146 (cscript can fail to run on some systems).
Fixed bug #79155 (Property nullability lost when using multiple property definition).
Fixed bug #78323 (Code 0 is returned on invalid options).
Fixed bug #78989 (Delayed variance check involving trait segfaults).
Fixed bug #79174 (cookie values with spaces fail to round-trip).
Fixed bug #76047 (Use-after-free when accessing already destructed backtrace arguments).
COM:
Fixed bug #79247 (Garbage collecting variant objects segfaults).
CURL:
Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()).
FFI:
Fixed bug #79096 (FFI Struct Segfault).
IMAP:
Fixed bug #79112 (IMAP extension can't find OpenSSL libraries at configure time).
Intl:
Fixed bug #79212 (NumberFormatter::format() may detect wrong type).
Libxml:
Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()).
MBString:
Fixed bug #79149 (SEGV in mb_convert_encoding with non-string encodings).
MySQLi:
Fixed bug #78666 (Properties may emit a warning on var_dump()).
MySQLnd:
Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).
Fixed bug #79011 (MySQL caching_sha2_password Access denied for password with more than 20 chars).
Opcache:
Fixed bug #79114 (Eval class during preload causes class to be only half available).
Fixed bug #79128 (Preloading segfaults if preload_user is used).
Fixed bug #79193 (Incorrect type inference for self::$field =& $field).
OpenSSL:
Fixed bug #79145 (openssl memory leak).
Phar:
Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063)
Fixed bug #79171 (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061)
Fixed bug #76584 (PharFileInfo::decompress not working).
Reflection:
Fixed bug #79115 (ReflectionClass::isCloneable call reflected class __destruct).
Session:
Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)
Standard:
Fixed bug #78902 (Memory leak when using stream_filter_append).
Fixed bug #78969 (PASSWORD_DEFAULT should match PASSWORD_BCRYPT instead of being null).
Testing:
Fixed bug #78090 (bug45161.phpt takes forever to finish).
XSL:
Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory).
Zip:
Add ZipArchive::CM_LZMA2 and ZipArchive::CM_XZ constants (since libzip 1.6.0).
Add ZipArchive::RDONLY (since libzip 1.0.0).
Add ZipArchive::ER_* missing constants.
Add ZipArchive::LIBZIP_VERSION constant.
Fixed bug #73119 (Wrong return for ZipArchive::addEmptyDir Method).
Version 7.4.2
23 Jan 2020
Core:
Preloading support on Windows has been disabled.
Fixed bug #79022 (class_exists returns True for classes that are not ready to be used).
Fixed bug #78929 (plus signs in cookie values are converted to spaces).
Fixed bug #78973 (Destructor during CV freeing causes segfault if opline never saved).
Fixed bug #78776 (Abstract method implementation from trait does not check "static").
Fixed bug #78999 (Cycle leak when using function result as temporary).
Fixed bug #79008 (General performance regression with PHP 7.4 on Windows).
Fixed bug #79002 (Serializing uninitialized typed properties with __sleep makes unserialize throw).
CURL:
Fixed bug #79033 (Curl timeout error with specific url and post).
Fixed bug #79063 (curl openssl does not respect PKG_CONFIG_PATH).
Date:
Fixed bug #79015 (undefined-behavior in php_date.c).
DBA:
Fixed bug #78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).
Exif:
Fixed bug #79046 (NaN to int cast undefined behavior in exif).
Fileinfo:
Fixed bug #74170 (locale information change after mime_content_type).
GD:
Fixed bug #79067 (gdTransformAffineCopy() may use unitialized values).
Fixed bug #79068 (gdTransformAffineCopy() changes interpolation method).
Libxml:
Fixed bug #79029 (Use After Free's in XMLReader / XMLWriter).
Mbstring:
Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
OPcache:
Fixed bug #78961 (erroneous optimization of re-assigned $GLOBALS).
Fixed bug #78950 (Preloading trait method with static variables).
Fixed bug #78903 (Conflict in RTD key for closures results in crash).
Fixed bug #78986 (Opcache segfaults when inheriting ctor from immutable into mutable class).
Fixed bug #79040 (Warning Opcode handlers are unusable due to ASLR).
Fixed bug #79055 (Typed property become unknown with OPcache file cache).
Pcntl:
Fixed bug #78402 (Converting null to string in error message is bad DX).
PDO_PgSQL:
Fixed bug #78983 (pdo_pgsql config.w32 cannot find libpq-fe.h).
Fixed bug #78980 (pgsqlGetNotify() overlooks dead connection).
Fixed bug #78982 (pdo_pgsql returns dead persistent connection).
Session:
Fixed bug #79091 (heap use-after-free in session_create_id()).
Fixed bug #79031 (Session unserialization problem).
Shmop:
Fixed bug #78538 (shmop memory leak).
Sqlite3:
Fixed bug #79056 (sqlite does not respect PKG_CONFIG_PATH during compilation).
Spl:
Fixed bug #78976 (SplFileObject::fputcsv returns -1 on failure).
Standard:
Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059)
Fixed bug #79000 (Non-blocking socket stream reports EAGAIN as error).
Fixed bug #54298 (Using empty additional_headers adding extraneous CRLF).
Version 7.4.1
18 Dec 2019
Bcmath:
Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046).
Core:
Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044).
Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045).
Fixed bug #78943 (mail() may release string with refcount==1 twice). (CVE-2019-11049).
Fixed bug #78810 (RW fetches do not throw "uninitialized property" exception).
Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value).
Fixed bug #78296 (is_file fails to detect file).
Fixed bug #78883 (fgets(STDIN) fails on Windows).
Fixed bug #78898 (call_user_func(['parent', ...]) fails while other succeed).
Fixed bug #78904 (Uninitialized property triggers __get()).
Fixed bug #78926 (Segmentation fault on Symfony cache:clear).
GD:
Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
Fixed bug #78923 (Artifacts when convoluting image with transparency).
EXIF:
Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050).
Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047).
FPM:
Fixed bug #76601 (Partially working php-fpm ater incomplete reload).
Fixed bug #78889 (php-fpm service fails to start).
Fixed bug #78916 (php-fpm 7.4.0 don't send mail via mail()).
Intl:
Implemented FR #78912 (INTL Support for accounting format).
Mysqlnd:
Fixed bug #78823 (ZLIB_LIBS not added to EXTRA_LIBS).
OPcache:
Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
Fixed bug #78935 (Preloading removes classes that have dependencies).
PCRE:
Fixed bug #78853 (preg_match() may return integer > 1).
Reflection:
Fixed bug #78895 (Reflection detects abstract non-static class as abstract static. IS_IMPLICIT_ABSTRACT is not longer used).
Standard:
Fixed bug #77638 (var_export'ing certain class instances segfaults).
Fixed bug #78840 (imploding $GLOBALS crashes).
Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).
Version 7.4.0
28 Nov 2019
Core:
Implemented RFC: Deprecate curly brace syntax for accessing array elements and string offsets .
Implemented RFC: Deprecations for PHP 7.4 .
Fixed bug #52752 (Crash when lexing).
Fixed bug #60677 (CGI doesn't properly validate shebang line contains #!).
Fixed bug #71030 (Self-assignment in list() may have inconsistent behavior).
Fixed bug #72530 (Use After Free in GC with Certain Destructors).
Fixed bug #75921 (Inconsistent: No warning in some cases when stdObj is created on the fly).
Implemented FR #76148 (Add array_key_exists() to the list of specially compiled functions).
Fixed bug #76430 (__METHOD__ inconsistent outside of method).
Fixed bug #76451 (Aliases during inheritance type checks affected by opcache).
Implemented FR #77230 (Support custom CFLAGS and LDFLAGS from environment).
Fixed bug #77345 (Stack Overflow caused by circular reference in garbage collection).
Fixed bug #77812 (Interactive mode does not support PHP 7.3-style heredoc).
Fixed bug #77877 (call_user_func() passes $this to static methods).
Fixed bug #78066 (PHP eats the first byte of a program that comes from process substitution).
Fixed bug #78151 (Segfault caused by indirect expressions in PHP 7.4a1).
Fixed bug #78154 (SEND_VAR_NO_REF does not always send reference).
Fixed bug #78182 (Segmentation fault during by-reference property assignment).
Fixed bug #78212 (Segfault in built-in webserver).
Fixed bug #78220 (Can't access OneDrive folder).
Fixed bug #78226 (Unexpected __set behavior with typed properties).
Fixed bug #78239 (Deprecation notice during string conversion converted to exception hangs).
Fixed bug #78335 (Static properties/variables containing cycles report as leak).
Fixed bug #78340 (Include of stream wrapper not reading whole file).
Fixed bug #78344 (Segmentation fault on zend_check_protected).
Fixed bug #78356 (Array returned from ArrayAccess is incorrectly unpacked as argument).
Fixed bug #78379 (Cast to object confuses GC, causes crash).
Fixed bug #78386 (fstat mode has unexpected value on PHP 7.4).
Fixed bug #78396 (Second file_put_contents in Shutdown hangs script).
Fixed bug #78406 (Broken file includes with user-defined stream filters).
Fixed bug #78438 (Corruption when __unserializing deeply nested structures).
Fixed bug #78441 (Parse error due to heredoc identifier followed by digit).
Fixed bug #78454 (Consecutive numeric separators cause OOM error).
Fixed bug #78460 (PEAR installation failure).
Fixed bug #78531 (Crash when using undefined variable as object).
Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
Fixed bug #78604 (token_get_all() does not properly tokenize FOO<?php with short_open_tag=0).
Fixed bug #78614 (Does not compile with DTRACE anymore).
Fixed bug #78620 (Out of memory error).
Fixed bug #78632 (method_exists() in php74 works differently from php73 in checking priv. methods).
Fixed bug #78644 (SEGFAULT in ZEND_UNSET_OBJ_SPEC_VAR_CONST_HANDLER).
Fixed bug #78658 (Memory corruption using Closure::bindTo).
Fixed bug #78656 (Parse errors classified as highest log-level).
Fixed bug #78662 (stream_write bad error detection).
Fixed bug #78768 (redefinition of typedef zend_property_info).
Fixed bug #78788 (./configure generates invalid php_version.h).
Fixed incorrect usage of QM_ASSIGN instruction. It must not return IS_VAR. As a side effect, this allowed passing left hand list() "by reference", instead of compile-time error.
CLI:
The built-in CLI server now reports the request method in log files.
COM:
Deprecated registering of case-insensitive constants from typelibs.
Fixed bug #78650 (new COM Crash).
Fixed bug #78694 (Appending to a variant array causes segfault).
CURL:
Fixed bug #76480 (Use curl_multi_wait() so that timeouts are respected).
Implemented FR #77711 (CURLFile should support UNICODE filenames).
Deprecated CURLPIPE_HTTP1.
Deprecated $version parameter of curl_version().
Date:
Updated timelib to 2018.02.
Fixed bug #69044 (discrepency between time and microtime).
Fixed bug #70153 (\DateInterval incorrectly unserialized).
Fixed bug #75232 (print_r of DateTime creating side-effect).
Fixed bug #78383 (Casting a DateTime to array no longer returns its properties).
Fixed bug #78751 (Serialising DatePeriod converts DateTimeImmutable).
Exif:
Fixed bug #78333 (Exif crash (bus error) due to wrong alignment and invalid cast).
Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)
Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)
Fileinfo:
Fixed bug #78075 (finfo_file treats JSON file as text/plain).
Fixed bug #78183 (finfo_file shows wrong mime-type for .tga file).
Filter:
The filter extension no longer has the --with-pcre-dir on Unix builds, allowing the extension to be once more compiled as shared using ./configure.
Added min_range and max_range options for FILTER_VALIDATE_FLOAT.
FFI:
Added FFI extension.
Fixed bug #78488 (OOB in ZEND_FUNCTION(ffi_trampoline)).
Fixed bug #78543 (is_callable() on FFI\CData throws Exception).
Fixed bug #78716 (Function name mangling is wrong for some parameter types).
Fixed bug #78762 (Failing FFI::cast() may leak memory).
Fixed bug #78761 (Zend memory heap corruption with preload and casting).
Implemented FR #78270 (Support __vectorcall convention with FFI).
Added missing FFI::isNull().
FPM:
Implemented FR #72510 (systemd service should be hardened).
Fixed bug #74083 (master PHP-fpm is stopped on multiple reloads).
Fixed bug #78334 (fpm log prefix message includes wrong stdout/stderr notation).
Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)
GD:
Implemented the scatter filter (IMG_FILTER_SCATTER).
The bundled libgd behaves now like system libgd wrt. IMG_CROP_DEFAULT never falling back to IMG_CROP_SIDES.
The default $mode parameter of imagecropauto() has been changed to IMG_CROP_DEFAULT; passing -1 is now deprecated.
Added support for aspect ratio preserving scaling to a fixed height for imagescale().
Added TGA read support.
Fixed bug #73291 (imagecropauto() $threshold differs from external libgd).
Fixed bug #76324 (cannot detect recent versions of freetype with pkg-config).
Fixed bug #78314 (missing freetype support/functions with external gd).
GMP:
Fixed bug #78574 (broken shared build).
Hash:
Iconv:
Fixed bug #78342 (Bus error in configure test for iconv //IGNORE).
Fixed bug #78642 (Wrong libiconv version displayed).
Libxml:
Fixed bug #78279 (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).
InterBase:
Unbundled the InterBase extension and moved it to PECL.
Intl:
Raised requirements to ICU ≥ 50.1.
Changed ResourceBundle to implement Countable.
Changed default of $variant parameter of idn_to_ascii() and idn_to_utf8().
LDAP:
Deprecated ldap_control_paged_result_response and ldap_control_paged_result
LiteSpeed:
Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown).
Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode).
Fixed bug #76058 (After "POST data can't be buffered", using php://input makes huge tmp files).
MBString:
Fixed bug #77907 (mb-functions do not respect default_encoding).
Fixed bug #78579 (mb_decode_numericentity: args number inconsistency).
Fixed bug #78609 (mb_check_encoding() no longer supports stringable objects).
MySQLi:
Fixed bug #67348 (Reading $dbc->stat modifies $dbc->affected_rows).
Fixed bug #76809 (SSL settings aren't respected when persistent connections are used).
Fixed bug #78179 (MariaDB server version incorrectly detected).
Fixed bug #78213 (Empty row pocket).
MySQLnd:
Fixed connect_attr issues and added the _server_host connection attribute.
Fixed bug #60594 (mysqlnd exposes 160 lines of stats in phpinfo).
ODBC:
Fixed bug #78473 (odbc_close() closes arbitrary resources).
Opcache:
Implemented preloading RFC .
Add opcache.preload_user INI directive.
Added new INI directive opcache.cache_id (Windows only).
Fixed bug #78106 (Path resolution fails if opcache disabled during request).
Fixed bug #78175 (Preloading segfaults at preload time and at runtime).
Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM).
Fixed bug #78271 (Invalid result of if-else).
Fixed bug #78341 (Failure to detect smart branch in DFA pass).
Fixed bug #78376 (Incorrect preloading of constant static properties).
Fixed bug #78429 (opcache_compile_file(__FILE__); segfaults).
Fixed bug #78512 (Cannot make preload work).
Fixed bug #78514 (Preloading segfaults with inherited typed property).
Fixed bug #78654 (Incorrectly computed opcache checksum on files with non-ascii characters).
OpenSSL:
Added TLS 1.3 support to streams including new tlsv1.3 stream.
Added openssl_x509_verify function.
openssl_random_pseudo_bytes() now throws in error conditions.
Changed the default config path (Windows only).
Fixed bug #78231 (Segmentation fault upon stream_socket_accept of exported socket-to-stream).
Fixed bug #78391 (Assertion failure in openssl_random_pseudo_bytes).
Fixed bug #78775 (TLS issues from HTTP request affecting other encrypted connections).
Pcntl:
Fixed bug #77335 (PHP is preventing SIGALRM from specifying SA_RESTART).
PCRE:
Implemented FR #77094 (Support flags in preg_replace_callback).
Fixed bug #72685 (Repeated UTF-8 validation of same string in UTF-8 mode).
Fixed bug #73948 (Preg_match_all should return NULLs on trailing optional capture groups).
Fixed bug #78338 (Array cross-border reading in PCRE).
Fixed bug #78349 (Bundled pcre2 library missing LICENCE file).
PDO:
Implemented FR #71885 (Allow escaping question mark placeholders). https://wiki.php.net/rfc/pdo_escape_placeholders
Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
Implemented FR #78033 (PDO - support username and password specified in DSN).
PDO_Firebird:
Implemented FR #65690 (PDO_Firebird should also support dialect 1).
Implemented FR #77863 (PDO firebird support type Boolean in input parameters).
PDO_MySQL:
Fixed bug #41997 (SP call yields additional empty result set).
Fixed bug #78623 (Regression caused by "SP call yields additional empty result set").
PDO_OCI:
Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.
Implemented FR #76908 (PDO_OCI getColumnMeta() not implemented).
PDO_SQLite:
Implemented sqlite_stmt_readonly in PDO_SQLite.
Raised requirements to SQLite 3.5.0.
Fixed bug #78192 (SegFault when reuse statement after schema has changed).
Fixed bug #78348 (Remove -lrt from pdo_sqlite.so).
Phar:
Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN).
phpdbg:
Fixed bug #76596 (phpdbg support for display_errors=stderr).
Fixed bug #76801 (too many open files).
Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints).
Fixed bug #77805 (phpdbg build fails when readline is shared).
Recode:
Unbundled the recode extension.
Reflection:
Fixed bug #76737 (Unserialized reflection objects are broken, they shouldn't be serializable).
Fixed bug #78263 (\ReflectionReference::fromArrayElement() returns null while item is a reference).
Fixed bug #78410 (Cannot "manually" unserialize class that is final and extends an internal one).
Fixed bug #78697 (ReflectionClass::implementsInterface - inaccurate error message with traits).
Fixed bug #78774 (ReflectionNamedType on Typed Properties Crash).
Session:
Fixed bug #78624 (session_gc return value for user defined session handlers).
SimpleXML:
Implemented FR #65215 (SimpleXMLElement could register as implementing Countable).
Fixed bug #75245 (Don't set content of elements with only whitespaces).
Sockets:
Fixed bug #67619 (Validate length on socket_write).
Fixed bug #78665 (Multicasting may leak memory).
sodium:
Fixed bug #77646 (sign_detached() strings not terminated).
Fixed bug #78510 (Partially uninitialized buffer returned by sodium_crypto_generichash_init()).
Fixed bug #78516 (password_hash(): Memory cost is not in allowed range).
SPL:
Fixed bug #77518 (SeekableIterator::seek() should accept 'int' typehint as documented).
Fixed bug #78409 (Segfault when creating instance of ArrayIterator without constructor).
Fixed bug #78436 (Missing addref in SplPriorityQueue EXTR_BOTH mode).
Fixed bug #78456 (Segfault when serializing SplDoublyLinkedList).
SQLite3:
Unbundled libsqlite.
Raised requirements to SQLite 3.7.4.
Forbid (un)serialization of SQLite3, SQLite3Stmt and SQLite3Result.
Added support for the SQLite @name notation.
Added SQLite3Stmt::getSQL() to retrieve the SQL of the statement.
Implemented FR #70950 (Make SQLite3 Online Backup API available).
Standard:
Implemented RFC password hashing registry .
Implemented RFC where password_hash() has argon2i(d) implementations from ext/sodium when PHP is built without libargon.
Implemented FR #38301 (field enclosure behavior in fputcsv).
Implemented FR #51496 (fgetcsv should take empty string as an escape).
Fixed bug #73535 (php_sockop_write() returns 0 on error, can be used to trigger Denial of Service).
Fixed bug #74764 (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).
Fixed bug #76859 (stream_get_line skips data if used with data-generating filter).
Implemented FR #77377 (No way to handle CTRL+C in Windows).
Fixed bug #77930 (stream_copy_to_stream should use mmap more often).
Implemented FR #78177 (Make proc_open accept command array).
Fixed bug #78208 (password_needs_rehash() with an unknown algo should always return true).
Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit).
Fixed bug #78282 (atime and mtime mismatch).
Fixed bug #78326 (improper memory deallocation on stream_get_contents() with fixed length buffer).
Fixed bug #78346 (strip_tags no longer handling nested php tags).
Fixed bug #78506 (Error in a php_user_filter::filter() is not reported).
Fixed bug #78549 (Stack overflow due to nested serialized input).
Fixed bug #78759 (array_search in $GLOBALS).
Testing:
Fixed bug #78684 (PCRE bug72463_2 test is sending emails on Linux).
Tidy:
Added TIDY_TAG_* constants for HTML5 elements.
Fixed bug #76736 (wrong reflection for tidy_get_head, tidy_get_html, tidy_get_root, and tidy_getopt)
WDDX:
Deprecated and unbundled the WDDX extension.
Zip:
Fixed bug #78641 (addGlob can modify given remove_path value).
Version 7.3.33
18 Nov 2021
XML:
Fixed bug #79971 (special character is breaking the path in xml function). (CVE-2021-21707)
Version 7.3.32
28 Oct 2021
FPM:
Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege escalation). (CVE-2021-21703)
Version 7.3.31
23 Sep 2021
Zip:
Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination). (CVE-2021-21706)
Version 7.3.30
26 Aug 2021
Phar:
Fixed bug #81211 : Symlinks are followed when creating PHAR archive.
Version 7.3.29
01 Jul 2021
Core:
Fixed bug #81122 : SSRF bypass in FILTER_VALIDATE_URL. (CVE-2021-21705)
PDO_Firebird:
Fixed bug #76448 : Stack buffer overflow in firebird_info_cb. (CVE-2021-21704)
Fixed bug #76449 : SIGSEGV in firebird_handle_doer. (CVE-2021-21704)
Fixed bug #76450 : SIGSEGV in firebird_stmt_execute. (CVE-2021-21704)
Fixed bug #76452 : Crash while parsing blob data in firebird_fetch_blob. (CVE-2021-21704)
Version 7.3.28
29 Apr 2021
Imap:
Fixed bug #80710 (imap_mail_compose() header injection).
Version 7.3.27
04 Feb 2021
SOAP:
Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702)
Version 7.3.26
07 Jan 2021
Standard:
Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)
Fixed bug #80457 (stream_get_contents() fails with maxlength=-1 or default).
Version 7.3.25
26 Nov 2020
Core:
Fixed bug #80280 (ADD_EXTENSION_DEP() fails for ext/standard and ext/date).
Fixed bug #80258 (Windows Deduplication Enabled, randon permission errors).
COM:
Fixed bug #62474 (com_event_sink crashes on certain arguments).
DOM:
Fixed bug #80268 (loadHTML() truncates at NUL bytes).
IMAP:
Fixed bug #64076 (imap_sort() does not return FALSE on failure).
Fixed bug #76618 (segfault on imap_reopen).
Fixed bug #80239 (imap_rfc822_write_address() leaks memory).
Fixed minor regression caused by fixing bug #80220 .
Fixed bug #80242 (imap_mail_compose() segfaults for multipart with rfc822).
Intl:
Fixed bug #80310 (ext-intl with icu4c 68.1: use of undeclared identifier 'TRUE').
ODBC:
Fixed bug #44618 (Fetching may rely on uninitialized data).
SNMP:
Fixed bug #70461 (disable md5 code when it is not supported in net-snmp).
Standard:
Fixed bug #80266 (parse_url silently drops port number 0).
Version 7.3.24
29 Oct 2020
Core:
Fixed bug #79423 (copy command is limited to size of file it can copy).
Calendar:
Fixed bug #80185 (jdtounix() fails after 2037).
IMAP:
Fixed bug #80213 (imap_mail_compose() segfaults on certain $bodies).
Fixed bug #80215 (imap_mail_compose() may modify by-val parameters).
Fixed bug #80220 (imap_mail_compose() may leak memory).
Fixed bug #80223 (imap_mail_compose() leaks envelope on malformed bodies).
Fixed bug #80216 (imap_mail_compose() does not validate types/encodings).
Fixed bug #80226 (imap_sort() leaks sortpgm memory).
MySQLnd:
Fixed bug #80115 (mysqlnd.debug doesn't recognize absolute paths with slashes).
Fixed bug #80107 (mysqli_query() fails for ~16 MB long query when compression is enabled).
ODBC:
Fixed bug #78470 (odbc_specialcolumns() no longer accepts $nullable).
Fixed bug #80147 (BINARY strings may not be properly zero-terminated).
Fixed bug #80150 (Failure to fetch error message).
Fixed bug #80152 (odbc_execute() moves internal pointer of $params).
Fixed bug #46050 (odbc_next_result corrupts prepared resource).
OPcache:
Fixed bug #80083 (Optimizer pass 6 removes variables used for ibm_db2 data binding).
PDO_ODBC:
Fixed bug #67465 (NULL Pointer dereference in odbc_handle_preparer).
Standard:
Fixed bug #80114 (parse_url does not accept URLs with port 0).
Fixed bug #76943 (Inconsistent stream_wrapper_restore() errors).
Fixed bug #76735 (Incorrect message in fopen on invalid mode).
Tidy:
Fixed bug #77040 (tidyNode::isHtml() is completely broken).
Version 7.3.23
01 Oct 2020
Core:
Fixed bug #80048 (Bug #69100 has not been fixed for Windows).
Fixed bug #80049 (Memleak when coercing integers to string via variadic argument).
Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)
Calendar:
Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
COM:
Fixed bug #64130 (COM obj parameters passed by reference are not updated).
OPcache:
Fixed bug #80002 (calc free space for new interned string is wrong).
Fixed bug #79825 (opcache.file_cache causes SIGSEGV when custom opcode handlers changed).
OpenSSL:
Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)
PDO:
Fixed bug #80027 (Terrible performance using $query->fetch on queries with many bind parameters).
SOAP:
Fixed bug #47021 (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").
Standard:
Fixed bug #79986 (str_ireplace bug with diacritics characters).
Fixed bug #80077 (getmxrr test bug).
Fixed bug #72941 (Modifying bucket->data by-ref has no effect any longer).
Fixed bug #80067 (Omitting the port in bindto setting errors).
Version 7.3.22
03 Sep 2020
Core:
Fixed bug #79884 (PHP_CONFIG_FILE_PATH is meaningless).
Fixed bug #77932 (File extensions are case-sensitive).
Fixed bug #79806 (realpath() erroneously resolves link to link).
Fixed bug #79895 (PHP_CHECK_GCC_ARG does not allow flags with equal sign).
Fixed bug #79919 (Stack use-after-scope in define()).
Fixed bug #79934 (CRLF-only line in heredoc causes parsing error).
COM:
Fixed bug #48585 (com_load_typelib holds reference, fails on second call).
Exif:
Fixed bug #75785 (Many errors from exif_read_data).
Gettext:
Fixed bug #70574 (Tests fail due to relying on Linux fallback behavior for gettext()).
LDAP:
OPcache:
Fixed bug #73060 (php failed with error after temp folder cleaned up).
PDO:
Fixed bug #64705 (errorInfo property of PDOException is null when PDO::__construct() fails).
Standard:
Fixed bug #79930 (array_merge_recursive() crashes when called with array with single reference).
Fixed bug #79944 (getmxrr always returns true on Alpine linux).
Fixed bug #79951 (Memory leak in str_replace of empty string).
XML:
Fixed bug #79922 (Crash after multiple calls to xml_parser_free()).
Version 7.3.21
06 Aug 2020
Apache:
Fixed bug #79030 (Upgrade apache2handler's php_apache_sapi_get_request_time to return usec).
Core:
Fixed bug #79877 (getimagesize function silently truncates after a null byte).
Fixed bug #79778 (Assertion failure if dumping closure with unresolved static variable).
Fixed bug #79792 (HT iterators not removed if empty array is destroyed).
COM:
Fixed bug #63208 (BSTR to PHP string conversion not binary safe).
Fixed bug #63527 (DCOM does not work with Username, Password parameter).
Curl:
Fixed bug #79741 (curl_setopt CURLOPT_POSTFIELDS asserts on object with declared properties).
Fileinfo:
Fixed bug #79756 (finfo_file crash (FILEINFO_MIME)).
FTP:
Fixed bug #55857 (ftp_size on large files).
Mbstring:
Fixed bug #79787 (mb_strimwidth does not trim string).
Phar:
Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)
Standard:
Fixed bug #70362 (Can't copy() large 'data://' with open_basedir).
Fixed bug #79817 (str_replace() does not handle INDIRECT elements).
Fixed bug #78008 (dns_check_record() always return true on Alpine).
Version 7.3.20
09 Jul 2020
Core:
Fixed bug #79650 (php-win.exe 100% cpu lockup).
Fixed bug #79668 (get_defined_functions(true) may miss functions).
Fixed possibly unsupported timercmp() usage.
Exif:
Fixed bug #79687 (Sony picture - PHP Warning - Make, Model, MakerNotes).
Filter:
Fixed bug #73527 (Invalid memory access in php_filter_strip).
GD:
Fixed bug #79676 (imagescale adds black border with IMG_BICUBIC).
OpenSSL:
Fixed bug #62890 (default_socket_timeout=-1 causes connection to timeout).
PDO SQLite:
Fixed bug #79664 (PDOStatement::getColumnMeta fails on empty result set).
SPL:
Fixed bug #79710 (Reproducible segfault in error_handler during GC involved an SplFileObject).
Standard:
Fixed bug #74267 (segfault with streams and invalid data).
Version 7.3.19
11 Jun 2020
Core:
Fixed bug #79566 (Private SHM is not private on Windows).
Fixed bug #79489 (.user.ini does not inherit).
GD:
Fixed bug #79615 (Wrong GIF header written in GD GIFEncode).
MySQLnd:
Fixed bug #79596 (MySQL FLOAT truncates to int some locales).
Opcache:
Fixed bug #79535 (PHP crashes with specific opcache.optimization_level).
Fixed bug #79588 (Boolean opcache settings ignore on/off values).
Standard:
Fixed bug #79561 (dns_get_record() fails with DNS_ALL).
Version 7.3.18
14 May 2020
Core:
Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)
Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)
Fixed bug #79434 (PHP 7.3 and PHP-7.4 crash with NULL-pointer dereference on !CS constant).
Fixed bug #79477 (casting object into array creates references).
Fixed bug #79470 (PHP incompatible with 3rd party file system on demand).
Fixed bug #78784 (Unable to interact with files inside a VFS for Git repository).
DOM:
Fixed bug #78221 (DOMNode::normalize() doesn't remove empty text nodes).
FCGI:
Fixed bug #79491 (Search for .user.ini extends up to root dir).
MBString:
Fixed bug #79441 (Segfault in mb_chr() if internal encoding is unsupported).
OpenSSL:
Fixed bug #79497 (stream_socket_client() throws an unknown error sometimes with <1s timeout).
Phar:
Fixed bug #79503 (Memory leak on duplicate metadata).
SimpleXML:
Fixed bug #79528 (Different object of the same xml between 7.4.5 and 7.4.4).
Standard:
Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).
Version 7.3.17
16 Apr 2020
Core:
Fixed bug #79364 (When copy empty array, next key is unspecified).
Fixed bug #78210 (Invalid pointer address).
CURL:
Fixed bug #79199 (curl_copy_handle() memory leak).
Date:
Fixed bug #79396 (DateTime hour incorrect during DST jump forward).
Iconv:
Fixed bug #79200 (Some iconv functions cut Windows-1258).
OPcache:
Fixed bug #79412 (Opcache chokes and uses 100% CPU on specific script).
Session:
Fixed bug #79413 (session_create_id() fails for active sessions).
Shmop:
Fixed bug #79427 (Integer Overflow in shmop_open()).
SimpleXML:
Fixed bug #61597 (SXE properties may lack attributes and content).
Spl:
Fixed bug #75673 (SplStack::unserialize() behavior).
Fixed bug #79393 (Null coalescing operator failing with SplFixedArray).
Standard:
Fixed bug #79330 (shell_exec() silently truncates after a null byte).
Fixed bug #79465 (OOB Read in urldecode()). (CVE-2020-7067)
Fixed bug #79410 (system() swallows last chunk if it is exactly 4095 bytes without newline).
Zip:
Fixed bug #79296 (ZipArchive::open fails on empty file).
Fixed bug #79424 (php_zip_glob uses gl_pathc after call to globfree).
Version 7.3.16
19 Mar 2020
Core:
Fixed bug #63206 (restore_error_handler does not restore previous errors mask).
COM:
Fixed bug #66322 (COMPersistHelper::SaveToFile can save to wrong location).
Fixed bug #79242 (COM error constants don't match com_exception codes on x86).
Fixed bug #79248 (Traversing empty VT_ARRAY throws com_exception).
Fixed bug #79299 (com_print_typeinfo prints duplicate variables).
Fixed bug #79332 (php_istreams are never freed).
Fixed bug #79333 (com_print_typeinfo() leaks memory).
DOM:
Fixed bug #77569 : (Write Access Violation in DomImplementation).
Fixed bug #79271 (DOMDocumentType::$childNodes is NULL).
Enchant:
Fixed bug #79311 (enchant_dict_suggest() fails on big endian architecture).
EXIF:
Fixed bug #79282 (Use-of-uninitialized-value in exif). (CVE-2020-7064)
MBstring:
Fixed bug #79371 (mb_strtolower (UTF-32LE): stack-buffer-overflow at php_unicode_tolower_full). (CVE-2020-7065)
MySQLi:
Fixed bug #64032 (mysqli reports different client_version).
PCRE:
Fixed bug #79188 (Memory corruption in preg_replace/preg_replace_callback and unicode).
PDO_ODBC:
Fixed bug #79038 (PDOStatement::nextRowset() leaks column values).
Reflection:
Fixed bug #79062 (Property with heredoc default value returns false for getDocComment).
SQLite3:
Fixed bug #79294 (::columnType() may fail after SQLite3Stmt::reset()).
Standard:
Fixed bug #79329 (get_headers() silently truncates after a null byte). (CVE-2020-7066)
Fixed bug #79254 (getenv() w/o arguments not showing changes).
Fixed bug #79265 (Improper injection of Host header when using fopen for http requests).
Version 7.3.15
20 Feb 2020
Core:
Fixed bug #71876 (Memory corruption htmlspecialchars(): charset `*' not supported).
Fixed bug #79146 (cscript can fail to run on some systems).
Fixed bug #78323 (Code 0 is returned on invalid options).
Fixed bug #76047 (Use-after-free when accessing already destructed backtrace arguments).
CURL:
Fixed bug #79078 (Hypothetical use-after-free in curl_multi_add_handle()).
Intl:
Fixed bug #79212 (NumberFormatter::format() may detect wrong type).
Libxml:
Fixed bug #79191 (Error in SoapClient ctor disables DOMDocument::save()).
MBString:
Fixed bug #79154 (mb_convert_encoding() can modify $from_encoding).
MySQLnd:
Fixed bug #79084 (mysqlnd may fetch wrong column indexes with MYSQLI_BOTH).
OpenSSL:
Fixed bug #79145 (openssl memory leak).
Phar:
Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063)
Fixed bug #79171 (heap-buffer-overflow in phar_extract_file). (CVE-2020-7061)
Fixed bug #76584 (PharFileInfo::decompress not working).
Reflection:
Fixed bug #79115 (ReflectionClass::isCloneable call reflected class __destruct).
Session:
Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)
SPL:
Fixed bug #79151 (heap use after free caused by spl_dllist_it_helper_move_forward).
Standard:
Fixed bug #78902 (Memory leak when using stream_filter_append).
Testing:
Fixed bug #78090 (bug45161.phpt takes forever to finish).
XSL:
Fixed bug #70078 (XSL callbacks with nodes as parameter leak memory).
Version 7.3.14
23 Jan 2020
Core:
Fixed bug #78999 (Cycle leak when using function result as temporary).
CURL:
Fixed bug #79033 (Curl timeout error with specific url and post).
Date:
Fixed bug #79015 (undefined-behavior in php_date.c).
DBA:
Fixed bug #78808 ([LMDB] MDB_MAP_FULL: Environment mapsize limit reached).
Fileinfo:
Fixed bug #74170 (locale information change after mime_content_type).
GD:
Fixed bug #78923 (Artifacts when convoluting image with transparency).
Fixed bug #79067 (gdTransformAffineCopy() may use unitialized values).
Fixed bug #79068 (gdTransformAffineCopy() changes interpolation method).
Libxml:
Fixed bug #79029 (Use After Free's in XMLReader / XMLWriter).
Mbstring:
Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
OPcache:
Fixed bug #79040 (Warning Opcode handlers are unusable due to ASLR).
Pcntl:
Fixed bug #78402 (Converting null to string in error message is bad DX).
PDO_PgSQL:
Fixed bug #78983 (pdo_pgsql config.w32 cannot find libpq-fe.h).
Fixed bug #78980 (pgsqlGetNotify() overlooks dead connection).
Fixed bug #78982 (pdo_pgsql returns dead persistent connection).
Session:
Fixed bug #79091 (heap use-after-free in session_create_id()).
Shmop:
Fixed bug #78538 (shmop memory leak).
Standard:
Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059)
Fixed bug #54298 (Using empty additional_headers adding extraneous CRLF).
Version 7.3.13
18 Dec 2019
Bcmath:
Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)
Core:
Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044)
Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)
Fixed bug #78943 (mail() may release string with refcount==1 twice). (CVE-2019-11049)
Fixed bug #78787 (Segfault with trait overriding inherited private shadow property).
Fixed bug #78868 (Calling __autoload() with incorrect EG(fake_scope) value).
Fixed bug #78296 (is_file fails to detect file).
EXIF:
Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)
Fixed bug #78910 (Heap-buffer-overflow READ in exif) (CVE-2019-11047).
GD:
Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
MBString:
Upgraded bundled Oniguruma to 6.9.4.
OPcache:
Fixed potential ASLR related invalid opline handler issues.
Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
PCRE:
Fixed bug #78853 (preg_match() may return integer > 1).
Standard:
Fixed bug #78759 (array_search in $GLOBALS).
Fixed bug #77638 (var_export'ing certain class instances segfaults).
Fixed bug #78840 (imploding $GLOBALS crashes).
Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).
Version 7.3.12
21 Nov 2019
Core:
Fixed bug #78658 (Memory corruption using Closure::bindTo).
Fixed bug #78656 (Parse errors classified as highest log-level).
Fixed bug #78752 (Segfault if GC triggered while generator stack frame is being destroyed).
Fixed bug #78689 (Closure::fromCallable() doesn't handle [Closure, '__invoke']).
COM:
Fixed bug #78694 (Appending to a variant array causes segfault).
Date:
Fixed bug #70153 (\DateInterval incorrectly unserialized).
Fixed bug #78751 (Serialising DatePeriod converts DateTimeImmutable).
Iconv:
Fixed bug #78642 (Wrong libiconv version displayed).
OpCache:
Fixed bug #78654 (Incorrectly computed opcache checksum on files with non-ascii characters).
Fixed bug #78747 (OpCache corrupts custom extension result).
OpenSSL:
Fixed bug #78775 (TLS issues from HTTP request affecting other encrypted connections).
Reflection:
Fixed bug #78697 (ReflectionClass::ImplementsInterface - inaccurate error message with traits).
Sockets:
Fixed bug #78665 (Multicasting may leak memory).
Version 7.3.11
24 Oct 2019
Core:
Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
Fixed bug #78620 (Out of memory error).
Exif:
Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7) (Kalle)
FPM:
Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)
Fixed bug #78413 (request_terminate_timeout does not take effect after fastcgi_finish_request).
MBString:
Fixed bug #78633 (Heap buffer overflow (read) in mb_eregi).
Fixed bug #78579 (mb_decode_numericentity: args number inconsistency).
Fixed bug #78609 (mb_check_encoding() no longer supports stringable objects).
MySQLi:
Fixed bug #76809 (SSL settings aren't respected when persistent connections are used).
Mysqlnd:
Fixed bug #78525 (Memory leak in pdo when reusing native prepared statements).
PCRE:
Fixed bug #78272 (calling preg_match() before pcntl_fork() will freeze child process).
PDO_MySQL:
Fixed bug #78623 (Regression caused by "SP call yields additional empty result set").
Session:
Fixed bug #78624 (session_gc return value for user defined session handlers).
Standard:
Fixed bug #76342 (file_get_contents waits twice specified timeout).
Fixed bug #78612 (strtr leaks memory when integer keys are used and the subject string shorter).
Fixed bug #76859 (stream_get_line skips data if used with data-generating filter).
Zip:
Fixed bug #78641 (addGlob can modify given remove_path value).
Version 7.3.10
26 Sep 2019
Core:
Fixed bug #78220 (Can't access OneDrive folder).
Fixed bug #77922 (Double release of doc comment on inherited shadow property).
Fixed bug #78441 (Parse error due to heredoc identifier followed by digit).
Fixed bug #77812 (Interactive mode does not support PHP 7.3-style heredoc).
FastCGI:
Fixed bug #78469 (FastCGI on_accept hook is not called when using named pipes on Windows).
FPM:
Fixed bug #78334 (fpm log prefix message includes wrong stdout/stderr notation).
Intl:
Ensure IDNA2003 rules are used with idn_to_ascii() and idn_to_utf8() when requested.
MBString:
Fixed bug #78559 (Heap buffer overflow in mb_eregi).
MySQLnd:
Fixed connect_attr issues and added the _server_host connection attribute.
ODBC:
Fixed bug #78473 (odbc_close() closes arbitrary resources).
PDO_MySQL:
Fixed bug #41997 (SP call yields additional empty result set).
sodium:
Fixed bug #78510 (Partially uninitialized buffer returned by sodium_crypto_generichash_init()).
Version 7.3.9
29 Aug 2019
Core:
Fixed bug #78363 (Buffer overflow in zendparse).
Fixed bug #78379 (Cast to object confuses GC, causes crash).
Fixed bug #78412 (Generator incorrectly reports non-releasable $this as GC child).
Curl:
Fixed bug #77946 (Bad cURL resources returned by curl_multi_info_read()).
Exif:
Fixed bug #78333 (Exif crash (bus error) due to wrong alignment and invalid cast).
FPM:
Fixed bug #77185 (Use-after-free in FPM master event handling).
Iconv:
Fixed bug #78342 (Bus error in configure test for iconv //IGNORE).
LiteSpeed:
Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown).
MBString:
Fixed bug #78380 (Oniguruma 6.9.3 fixes CVEs). (CVE-2019-13224)
MySQLnd:
Fixed bug #78179 (MariaDB server version incorrectly detected).
Fixed bug #78213 (Empty row pocket).
Opcache:
Fixed bug #77191 (Assertion failure in dce_live_ranges() when silencing is used).
Standard:
Fixed bug #69100 (Bus error from stream_copy_to_stream (file -> SSL stream) with invalid length).
Fixed bug #78282 (atime and mtime mismatch).
Fixed bug #78326 (improper memory deallocation on stream_get_contents() with fixed length buffer).
Fixed bug #78346 (strip_tags no longer handling nested php tags).
Version 7.3.8
01 Aug 2019
Core:
Added syslog.filter=raw option.
Fixed bug #78212 (Segfault in built-in webserver).
Date:
Fixed bug #69044 (discrepency between time and microtime).
Updated timelib to 2018.02.
EXIF:
Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)
Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)
FTP:
Fixed bug #78039 (FTP with SSL memory leak).
Libxml:
Fixed bug #78279 (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).
LiteSpeed:
Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode).
Fixed bug #76058 (After "POST data can't be buffered", using php://input makes huge tmp files).
Openssl:
Fixed bug #78231 (Segmentation fault upon stream_socket_accept of exported socket-to-stream).
Opcache:
Fixed bug #78341 (Failure to detect smart branch in DFA pass).
Fixed bug #78189 (file cache strips last character of uname hash).
Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM).
Fixed bug #78271 (Invalid result of if-else).
Fixed bug #78291 (opcache_get_configuration doesn't list all directives).
PCRE:
Fixed bug #78338 (Array cross-border reading in PCRE).
Fixed bug #78197 (PCRE2 version check in configure fails for "##.##-xxx" version strings).
PDO_Sqlite:
Fixed bug #78192 (SegFault when reuse statement after schema has changed).
Phar:
Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN).
Phpdbg:
Fixed bug #78297 (Include unexistent file memory leak).
SQLite:
Upgraded to SQLite 3.28.0.
Standard:
Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit).
Fixed bug #78269 (password_hash uses weak options for argon2).
Version 7.3.7
04 Jul 2019
Core:
Fixed bug #76980 (Interface gets skipped if autoloader throws an exception).
DOM:
Fixed bug #78025 (segfault when accessing properties of DOMDocumentType).
MySQLi:
Fixed bug #77956 (When mysqli.allow_local_infile = Off, use a meaningful error message).
Fixed bug #38546 (bindParam incorrect processing of bool types).
MySQLnd:
Fixed bug #77955 (Random segmentation fault in mysqlnd from php-fpm).
Opcache:
Fixed bug #78015 (Incorrect evaluation of expressions involving partials arrays in SCCP).
Fixed bug #78106 (Path resolution fails if opcache disabled during request).
OpenSSL:
Fixed bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c).
phpdbg:
Fixed bug #78050 (SegFault phpdbg + opcache on include file twice).
Sockets:
Fixed bug #78038 (Socket_select fails when resource array contains references).
Sodium:
Fixed bug #78114 (segfault when calling sodium_* functions from eval).
Standard:
Fixed bug #77135 (Extract with EXTR_SKIP should skip $this).
Fixed bug #77937 (preg_match failed).
Zip:
Fixed bug #76345 (zip.h not found).
Version 7.3.6
30 May 2019
cURL:
Implemented FR #72189 (Add missing CURL_VERSION_* constants).
Date:
Fixed bug #77909 (DatePeriod::__construct() with invalid recurrence count value).
EXIF:
Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).
FPM:
Fixed bug #77934 (php-fpm kill -USR2 not working).
Fixed bug #77921 (static.php.net doesn't work anymore).
GD:
Fixed bug #77943 (imageantialias($image, false); does not work).
Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).
Iconv:
Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).
JSON:
Fixed bug #77843 (Use after free with json serializer).
Opcache:
Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset.
PDO_MySQL:
Fixed bug #77944 (Wrong meta pdo_type for bigint on LLP64).
Reflection:
Fixed bug #75186 (Inconsistent reflection of Closure:::__invoke()).
Session:
Fixed bug #77911 (Wrong warning for session.sid_bits_per_character).
SOAP:
Fixed bug #77945 (Segmentation fault when constructing SoapClient with WSDL_CACHE_BOTH).
SPL:
Fixed bug #77024 (SplFileObject::__toString() may return array).
SQLite:
Fixed bug #77967 (Bypassing open_basedir restrictions via file uris).
Standard:
Fixed bug #77931 (Warning for array_map mentions wrong type).
Fixed bug #78003 (strip_tags output change since PHP 7.3).
Version 7.3.5
02 May 2019
Core:
Fixed bug #77903 (ArrayIterator stops iterating after offsetSet call).
CLI:
Fixed bug #77794 (Incorrect Date header format in built-in server).
EXIF:
Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG) (CVE-2019-11036).
Interbase:
Fixed bug #72175 (Impossibility of creating multiple connections to Interbase with php 7.x).
Intl:
Fixed bug #77895 (IntlDateFormatter::create fails in strict mode if $locale = null).
litespeed:
LiteSpeed SAPI 7.3.1, better process management, new API function litespeed_finish_request().
LDAP:
Fixed bug #77869 (Core dump when using server controls) (mcmic)
Mail:
Fixed bug #77821 (Potential heap corruption in TSendMail()).
mbstring:
Implemented FR #72777 (Implement regex stack limits for mbregex functions).
MySQLi:
Fixed bug #77773 (Unbuffered queries leak memory - MySQLi / mysqlnd).
PCRE:
Fixed bug #77827 (preg_match does not ignore \r in regex flags).
PDO:
Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
phpdbg:
Fixed bug #76801 (too many open files).
Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints).
Fixed bug #77805 (phpdbg build fails when readline is shared).
Reflection:
Fixed bug #77772 (ReflectionClass::getMethods(null) doesn't work).
Fixed bug #77882 (Different behavior: always calls destructor).
Standard:
Fixed bug #77793 (Segmentation fault in extract() when overwriting reference with itself).
Fixed bug #77844 (Crash due to null pointer in parse_ini_string with INI_SCANNER_TYPED).
Fixed bug #77853 (Inconsistent substr_compare behaviour with empty haystack).
Version 7.3.4
04 Apr 2019
Core:
Fixed bug #77738 (Nullptr deref in zend_compile_expr).
Fixed bug #77660 (Segmentation fault on break 2147483648).
Fixed bug #77652 (Anonymous classes can lose their interface information).
Fixed bug #77345 (Stack Overflow caused by circular reference in garbage collection).
Fixed bug #76956 (Wrong value for 'syslog.filter' documented in php.ini).
Apache2Handler:
Fixed bug #77648 (BOM in sapi/apache2handler/php_functions.c).
Bcmath:
Fixed bug #77742 (bcpow() implementation related to gcc compiler optimization).
CLI Server:
Fixed bug #77722 (Incorrect IP set to $_SERVER['REMOTE_ADDR'] on the localhost).
COM:
Fixed bug #77578 (Crash when php unload).
EXIF:
Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)
Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value). (CVE-2019-11035)
FPM:
Fixed bug #77677 (FPM fails to build on AIX due to missing WCOREDUMP).
GD:
Fixed bug #77700 (Writing truecolor images as GIF ignores interlace flag).
MySQLi:
Fixed bug #77597 (mysqli_fetch_field hangs scripts).
Opcache:
Fixed bug #77743 (Incorrect pi node insertion for jmpznz with identical successors).
PCRE:
Fixed bug #76127 (preg_split does not raise an error on invalid UTF-8).
Phar:
Fixed bug #77697 (Crash on Big_Endian platform).
phpdbg:
Fixed bug #77767 (phpdbg break cmd aliases listed in help do not match actual aliases).
sodium:
Fixed bug #77646 (sign_detached() strings not terminated).
SQLite3:
Added sqlite3.defensive INI directive.
Standard:
Fixed bug #77664 (Segmentation fault when using undefined constant in custom wrapper).
Fixed bug #77669 (Crash in extract() when overwriting extracted array).
Fixed bug #76717 (var_export() does not create a parsable value for PHP_INT_MIN).
Fixed bug #77765 (FTP stream wrapper should set the directory as executable).
Version 7.3.3
07 Mar 2019
Core:
Fixed bug #77589 (Core dump using parse_ini_string with numeric sections).
Fixed bug #77329 (Buffer Overflow via overly long Error Messages).
Fixed bug #77494 (Disabling class causes segfault on member access).
Fixed bug #77498 (Custom extension Segmentation fault when declare static property).
Fixed bug #77530 (PHP crashes when parsing `(2)::class`).
Fixed bug #77546 (iptcembed broken function).
Fixed bug #77630 (rename() across the device may allow unwanted access during processing). (CVE-2019-9637)
COM:
Fixed bug #77621 (Already defined constants are not properly reported).
Fixed bug #77626 (Persistence confusion in php_com_import_typelib()).
EXIF:
Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF). (CVE-2019-9641)
Fixed bug #77540 (Invalid Read on exif_process_SOFn). (CVE-2019-9640)
Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9638)
Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9639)
Mbstring:
Fixed bug #77514 (mb_ereg_replace() with trailing backslash adds null byte).
MySQL:
Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.
OpenSSL:
Fixed bug #77390 (feof might hang on TLS streams in case of fragmented TLS records).
PDO_OCI:
Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.
PHAR:
Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow).
phpdbg:
Fixed bug #76596 (phpdbg support for display_errors=stderr).
SPL:
Fixed bug #51068 (DirectoryIterator glob:// don't support current path relative queries).
Fixed bug #77431 (openFile() silently truncates after a null byte).
Standard:
Fixed bug #77552 (Unintialized php_stream_statbuf in stat functions).
Fixed bug #77612 (setcookie() sets incorrect SameSite header if all of its options filled).
Version 7.3.2
07 Feb 2019
Core:
Fixed bug #77369 (memcpy with negative length via crafted DNS response). (CVE-2019-9022)
Fixed bug #77387 (Recursion detection broken when printing GLOBALS).
Fixed bug #77376 ("undefined function" message no longer includes namespace).
Fixed bug #77357 (base64_encode / base64_decode doest not work on nested VM).
Fixed bug #77339 (__callStatic may get incorrect arguments).
Fixed bug #77317 (__DIR__, __FILE__, realpath() reveal physical path for subst virtual drive).
Fixed bug #77263 (Segfault when using 2 RecursiveFilterIterator).
Fixed bug #77447 (PHP 7.3 built with ASAN crashes in zend_cpu_supports_avx2).
Fixed bug #77484 (Zend engine crashes when calling realpath in invalid working dir).
Curl:
Fixed bug #76675 (Segfault with H2 server push).
Fileinfo:
Fixed bug #77346 (webm files incorrectly detected as application/octet-stream).
FPM:
Fixed bug #77430 (php-fpm crashes with Main process exited, code=dumped, status=11/SEGV).
GD:
Fixed bug #73281 (imagescale(…, IMG_BILINEAR_FIXED) can cause black border).
Fixed bug #73614 (gdImageFilledArc() doesn't properly draw pies).
Fixed bug #77272 (imagescale() may return image resource on failure).
Fixed bug #77391 (1bpp BMPs may fail to be loaded).
Fixed bug #77479 (imagewbmp() segfaults with very large images).
ldap:
Fixed bug #77440 (ldap_bind using ldaps or ldap_start_tls()=exception in libcrypto-1_1-x64.dll).
Mbstring:
Fixed bug #77428 (mb_ereg_replace() doesn't replace a substitution variable).
Fixed bug #77454 (mb_scrub() silently truncates after a null byte).
MySQLnd:
Fixed bug #77308 (Unbuffered queries memory leak).
Fixed bug #75684 (In mysqlnd_ext_plugin.h the plugin methods family has no external visibility).
Opcache:
Fixed bug #77266 (Assertion failed in dce_live_ranges).
Fixed bug #77257 (value of variable assigned in a switch() construct gets lost).
Fixed bug #77434 (php-fpm workers are segfaulting in zend_gc_addre).
Fixed bug #77361 (configure fails on 64-bit AIX when opcache enabled).
Fixed bug #77287 (Opcache literal compaction is incompatible with EXT opcodes).
PCRE:
Fixed bug #77338 (get_browser with empty string).
PDO:
Fixed bug #77273 (array_walk_recursive corrupts value types leading to PDO failure).
PDO MySQL:
Fixed bug #77289 (PDO MySQL segfaults with persistent connection).
SOAP:
Fixed bug #77410 (Segmentation Fault when executing method with an empty parameter).
Sockets:
Fixed bug #76839 (socket_recvfrom may return an invalid 'from' address on MacOS).
SPL:
Fixed bug #77298 (segfault occurs when add property to unserialized empty ArrayObject).
Standard:
Fixed bug #77395 (segfault about array_multisort).
Fixed bug #77439 (parse_str segfaults when inserting item into existing array).
Version 7.3.1
10 Jan 2019
Core:
Fixed bug #76654 (Build failure on Mac OS X on 32-bit Intel).
Fixed bug #71041 (zend_signal_startup() needs ZEND_API).
Fixed bug #76046 (PHP generates "FE_FREE" opcode on the wrong line).
Fixed bug #77291 (magic methods inherited from a trait may be ignored).
CURL:
Fixed bug #77264 (curl_getinfo returning microseconds, not seconds).
COM:
Fixed bug #77177 (Serializing or unserializing COM objects crashes).
Exif:
Fixed bug #77184 (Unsigned rational numbers are written out as signed rationals).
GD:
Fixed bug #77195 (Incorrect error handling of imagecreatefromjpeg()).
Fixed bug #77198 (auto cropping has insufficient precision).
Fixed bug #77200 (imagecropauto(…, GD_CROP_SIDES) crops left but not right).
Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free). (CVE-2016-10166)
Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap). (CVE-2019-6977)
MBString:
Fixed bug #77367 (Negative size parameter in mb_split). (CVE-2019-9025)
Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token). (CVE-2019-9023)
Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node). (CVE-2019-9023)
Fixed bug #77381 (heap buffer overflow in multibyte match_at). (CVE-2019-9023)
Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string). (CVE-2019-9023)
Fixed bug #77385 (buffer overflow in fetch_token). (CVE-2019-9023)
Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode). (CVE-2019-9023)
Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code). (CVE-2019-9023)
OCI8:
Fixed bug #76804 (oci_pconnect with OCI_CRED_EXT not working).
Added oci_set_call_timeout() for call timeouts.
Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.
Opcache:
Fixed bug #77215 (CFG assertion failure on multiple finalizing switch frees in one block).
Fixed bug #77275 (OPcache optimization problem for ArrayAccess->offsetGet).
PCRE:
Fixed bug #77193 (Infinite loop in preg_replace_callback).
PDO:
Handle invalid index passed to PDOStatement::fetchColumn() as error.
Phar:
Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). (CVE-2019-9021)
Soap:
Fixed bug #77088 (Segfault when using SoapClient with null options).
Sockets:
Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS).
Sodium:
Fixed bug #77297 (SodiumException segfaults on PHP 7.3).
SPL:
Fixed bug #77359 (spl_autoload causes segfault).
Fixed bug #77360 (class_uses causes segfault).
SQLite3:
Fixed bug #77051 (Issue with re-binding on SQLite3).
Xmlrpc:
Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()). (CVE-2019-9020)
Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code). (CVE-2019-9024)
Version 7.3.0
06 Dec 2018
Core:
Improved PHP GC.
Redesigned the old ext_skel program written in PHP, run: 'php ext_skel.php' for all options. This means there are no dependencies, thus making it work on Windows out of the box.
Removed support for BeOS.
Add PHP_VERSION to phpinfo() <title/>.
Add net_get_interfaces().
Implemented flexible heredoc and nowdoc syntax, per RFC https://wiki.php.net/rfc/flexible_heredoc_nowdoc_syntaxes.
Added support for references in list() and array destructuring, per RFC https://wiki.php.net/rfc/list_reference_assignment.
Improved effectiveness of ZEND_SECURE_ZERO for NetBSD and systems without native similar feature.
Added syslog.facility and syslog.ident INI entries for customizing syslog logging.
Fixed bug #75683 (Memory leak in zend_register_functions() in ZTS mode).
Fixed bug #75031 (support append mode in temp/memory streams).
Fixed bug #74860 (Uncaught exceptions not being formatted properly when error_log set to "syslog").
Fixed bug #75220 (Segfault when calling is_callable on parent).
Fixed bug #69954 (broken links and unused config items in distributed ini files).
Fixed bug #74922 (Composed class has fatal error with duplicate, equal const properties).
Fixed bug #63911 (identical trait methods raise errors during composition).
Fixed bug #75677 (Clang ignores fastcall calling convention on variadic function).
Fixed bug #54043 (Remove inconsitency of internal exceptions and user defined exceptions).
Fixed bug #53033 (Mathematical operations convert objects to integers).
Fixed bug #73108 (Internal class cast handler uses integer instead of float).
Fixed bug #75765 (Fatal error instead of Error exception when base class is not found).
Fixed bug #76198 (Wording: "iterable" is not a scalar type).
Fixed bug #76137 (config.guess/config.sub do not recognize RISC-V).
Fixed bug #76427 (Segfault in zend_objects_store_put).
Fixed bug #76422 (ftruncate fails on files > 2GB).
Fixed bug #76509 (Inherited static properties can be desynchronized from their parent by ref).
Fixed bug #76439 (Changed behaviour in unclosed HereDoc).
Fixed bug #63217 (Constant numeric strings become integers when used as ArrayAccess offset).
Fixed bug #33502 (Some nullary functions don't check the number of arguments).
Fixed bug #76392 (Error relocating sapi/cli/php: unsupported relocation type 37).
The declaration and use of case-insensitive constants has been deprecated.
Added syslog.filter INI entry for syslog filtering.
Fixed bug #76667 (Segfault with divide-assign op and __get + __set).
Fixed bug #76030 (RE2C_FLAGS rarely honoured) (Cristian Rodríguez)
Fixed broken zend_read_static_property (Laruence)
Fixed bug #76773 (Traits used on the parent are ignored for child classes).
Fixed bug #76767 (‘asm’ operand has impossible constraints in zend_operators.h).
Fixed bug #76752 (Crash in ZEND_COALESCE_SPEC_TMP_HANDLER - assertion in _get_zval_ptr_tmp failed).
Fixed bug #76820 (Z_COPYABLE invalid definition).
Fixed bug #76510 (file_exists() stopped working for phar://).
Fixed bug #76869 (Incorrect bypassing protected method accessibilty check).
Fixed bug #72635 (Undefined class used by class constant in constexpr generates fatal error).
Fixed bug #76947 (file_put_contents() blocks the directory of the file (__DIR__)).
Fixed bug #76979 (define() error message does not mention resources as valid values).
Fixed bug #76825 (Undefined symbols ___cpuid_count).
Fixed bug #77110 (undefined symbol zend_string_equal_val in C++ build).
Fixed bug #77231 (Segfault when using convert.quoted-printable-encode filter).
BCMath:
Implemented FR #67855 (No way to get current scale in use).
Fixed bug #66364 (BCMath bcmul ignores scale parameter).
Fixed bug #75164 (split_bc_num() is pointless).
Fixed bug #75169 (BCMath errors/warnings bypass PHP's error handling).
CLI:
Fixed bug #44217 (Output after stdout/stderr closed cause immediate exit with status 0).
Fixed bug #77111 (php-win.exe corrupts unicode symbols from cli parameters).
cURL:
Expose curl constants from curl 7.50 to 7.61.
Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).
Date:
Implemented FR #74668 : Add DateTime::createFromImmutable() method.
Fixed bug #75222 (DateInterval microseconds property always 0).
Fixed bug #68406 (calling var_dump on a DateTimeZone object modifies it).
Fixed bug #76131 (mismatch arginfo for date_create).
Updated timelib to 2018.01RC1 to address several bugs:
Fixed bug #75577 (DateTime::createFromFormat does not accept 'v' format specifier).
Fixed bug #75642 (Wrap around behaviour for microseconds is not working).
Fixed bug #77097 (DateTime::diff gives wrong diff when the actual diff is less than 1 second).
DBA:
Fixed bug #75264 (compiler warnings emitted).
DOM:
Fixed bug #76285 (DOMDocument::formatOutput attribute sometimes ignored).
Fileinfo:
Fixed bug #77095 (slowness regression in 7.2/7.3 (compared to 7.1)).
Filter:
Added the 'add_slashes' sanitization mode (FILTER_SANITIZE_ADD_SLASHES).
FPM:
Added fpm_get_status function.
Fixed bug #62596 (getallheaders() missing with PHP-FPM).
Fixed bug #69031 (Long messages into stdout/stderr are truncated incorrectly) - added new log related FPM configuration options: log_limit, log_buffering and decorate_workers_output.
ftp:
Fixed bug #77151 (ftp_close(): SSL_read on shutdown).
GD:
Added support for WebP in imagecreatefromstring().
GMP:
Export internal structures and accessor helpers for GMP object.
Added gmp_binomial(n, k).
Added gmp_lcm(a, b).
Added gmp_perfect_power(a).
Added gmp_kronecker(a, b).
iconv:
Fixed bug #53891 (iconv_mime_encode() fails to Q-encode UTF-8 string).
Fixed bug #77147 (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).
IMAP:
Fixed bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)
Fixed bug #77020 (null pointer dereference in imap_mail).
Interbase:
Fixed bug #75453 (Incorrect reflection for ibase_[p]connect).
Fixed bug #76443 (php+php_interbase.dll crash on module_shutdown).
intl:
Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead of destination).
Fixed bug #76829 (Incorrect validation of domain on idn_to_utf8() function).
JSON:
Added JSON_THROW_ON_ERROR flag.
LDAP:
Added ldap_exop_refresh helper for EXOP REFRESH operation with dds overlay.
Added full support for sending and parsing ldap controls.
Fixed bug #49876 (Fix LDAP path lookup on 64-bit distros).
libxml2:
Fixed bug #75871 (use pkg-config where available).
litespeed:
Fixed bug #75248 (Binary directory doesn't get created when building only litespeed SAPI).
Fixed bug #75251 (Missing program prefix and suffix).
MBstring:
Updated to Oniguruma 6.9.0.
Fixed bug #65544 (mb title case conversion-first word in quotation isn't capitalized).
Fixed bug #71298 (MB_CASE_TITLE misbehaves with curled apostrophe/quote).
Fixed bug #73528 (Crash in zif_mb_send_mail).
Fixed bug #74929 (mbstring functions version 7.1.1 are slow compared to 5.3 on Windows).
Fixed bug #76319 (mb_strtolower with invalid UTF-8 causes segmentation fault).
Fixed bug #76574 (use of undeclared identifiers INT_MAX and LONG_MAX).
Fixed bug #76594 (Bus Error due to unaligned access in zend_ini.c OnUpdateLong).
Fixed bug #76706 (mbstring.http_output_conv_mimetypes is ignored).
Fixed bug #76958 (Broken UTF7-IMAP conversion).
Fixed bug #77025 (mb_strpos throws Unknown encoding or conversion error).
Fixed bug #77165 (mb_check_encoding crashes when argument given an empty array).
Mysqlnd:
Fixed bug #76386 (Prepared Statement formatter truncates fractional seconds from date/time column).
ODBC:
Removed support for ODBCRouter.
Removed support for Birdstep.
Fixed bug #77079 (odbc_fetch_object has incorrect type signature).
Opcache:
Fixed bug #76466 (Loop variable confusion).
Fixed bug #76463 (var has array key type but not value type).
Fixed bug #76446 (zend_variables.c:73: zend_string_destroy: Assertion `!(zval_gc_flags((str)->gc)).
Fixed bug #76711 (OPcache enabled triggers false-positive "Illegal string offset").
Fixed bug #77058 (Type inference in opcache causes side effects).
Fixed bug #77092 (array_diff_key() - segmentation fault).
OpenSSL:
Added openssl_pkey_derive function.
Add min_proto_version and max_proto_version ssl stream options as well as related constants for possible TLS protocol values.
PCRE:
Implemented https://wiki.php.net/rfc/pcre2-migration.
Upgrade PCRE2 to 10.32.
Fixed bug #75355 (preg_quote() does not quote # control character).
Fixed bug #76512 (\w no longer includes unicode characters).
Fixed bug #76514 (Regression in preg_match makes it fail with PREG_JIT_STACKLIMIT_ERROR).
Fixed bug #76909 (preg_match difference between 7.3 and < 7.3).
PDO_DBlib:
Implemented FR #69592 (allow 0-column rowsets to be skipped automatically).
Expose TDS version as \PDO::DBLIB_ATTR_TDS_VERSION attribute on \PDO instance.
Treat DATETIME2 columns like DATETIME.
Fixed bug #74243 (allow locales.conf to drive datetime format).
PDO_Firebird:
Fixed bug #74462 (PDO_Firebird returns only NULLs for results with boolean for FIREBIRD >= 3.0).
PDO_OCI:
Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up).
PDO SQLite:
Add support for additional open flags
pgsql:
Added new error constants for pg_result_error(): PGSQL_DIAG_SCHEMA_NAME, PGSQL_DIAG_TABLE_NAME, PGSQL_DIAG_COLUMN_NAME, PGSQL_DIAG_DATATYPE_NAME, PGSQL_DIAG_CONSTRAINT_NAME and PGSQL_DIAG_SEVERITY_NONLOCALIZED.
Fixed bug #77047 (pg_convert has a broken regex for the 'TIME WITHOUT TIMEZONE' data type).
phar:
Fixed bug #74991 (include_path has a 4096 char limit in some cases).
Fixed bug #65414 (deal with leading slash when adding files correctly).
Fixed bug #77022 (PharData always creates new files with mode 0666).
Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)
readline:
Added completion_append_character and completion_suppress_append options to readline_info() if linked against libreadline.
Session:
Fixed bug #74941 (session fails to start after having headers sent).
SimpleXML:
Fixed bug #54973 (SimpleXML casts integers wrong).
Fixed bug #76712 (Assignment of empty string creates extraneous text node).
Sockets:
Fixed bug #67619 (Validate length on socket_write).
SOAP:
Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders).
Fixed bug #70469 (SoapClient generates E_ERROR even if exceptions=1 is used).
Fixed bug #50675 (SoapClient can't handle object references correctly).
Fixed bug #76348 (WSDL_CACHE_MEMORY causes Segmentation fault).
Fixed bug #77141 (Signedness issue in SOAP when precision=-1).
SPL:
Fixed bug #74977 (Appending AppendIterator leads to segfault).
Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop).
Fixed bug #74372 (autoloading file with syntax error uses next autoloader, may hide parse error).
Fixed bug #75878 (RecursiveTreeIterator::setPostfix has wrong signature).
Fixed bug #74519 (strange behavior of AppendIterator).
Fixed bug #76131 (mismatch arginfo for splarray constructor).
SQLite3:
Updated bundled libsqlite to 3.24.0.
Standard:
Added is_countable() function.
Added support for the SameSite cookie directive, including an alternative signature for setcookie(), setrawcookie() and session_set_cookie_params().
Remove superfluous warnings from inet_ntop()/inet_pton().
Fixed bug #75916 (DNS_CAA record results contain garbage).
Fixed unserialize(), to disable creation of unsupported data structures through manually crafted strings.
Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
Fixed bug #74719 (fopen() should accept NULL as context).
Fixed bug #69948 (path/domain are not sanitized in setcookie).
Fixed bug #75996 (incorrect url in header for mt_rand).
Added hrtime() function, to get high resolution time.
Fixed bug #48016 (stdClass::__setState is not defined although var_export() uses it).
Fixed bug #76136 (stream_socket_get_name should enclose IPv6 in brackets).
Fixed bug #76688 (Disallow excessive parameters after options array).
Fixed bug #76713 (Segmentation fault caused by property corruption).
Fixed bug #76755 (setcookie does not accept "double" type for expire time).
Fixed bug #76674 (improve array_* failure messages exposing what was passed instead of an array).
Fixed bug #76803 (ftruncate changes file pointer).
Fixed bug #76818 (Memory corruption and segfault).
Fixed bug #77081 (ftruncate() changes seek pointer in c mode).
Testing:
Implemented FR #62055 (Make run-tests.php support --CGI-- sections).
Tidy:
Support using tidyp instead of tidy.
Fixed bug #74707 (Tidy has incorrect ReflectionFunction param counts for functions taking tidy).
Fixed arginfo for tidy::__construct().
Tokenizer:
Fixed bug #76437 (token_get_all with TOKEN_PARSE flag fails to recognise close tag).
Fixed bug #75218 (Change remaining uncatchable fatal errors for parsing into ParseError).
Fixed bug #76538 (token_get_all with TOKEN_PARSE flag fails to recognise close tag with newline).
Fixed bug #76991 (Incorrect tokenization of multiple invalid flexible heredoc strings).
XML:
Fixed bug #71592 (External entity processing never fails).
Zlib:
Added zlib/level context option for compress.zlib wrapper.
Version 7.2.34
01 Oct 2020
Core:
Fixed bug #79699 (PHP parses encoded cookie names so malicious `__Host-` cookies can be sent). (CVE-2020-7070)
OpenSSL:
Fixed bug #79601 (Wrong ciphertext/tag in AES-CCM encryption for a 12 bytes IV). (CVE-2020-7069)
Version 7.2.33
06 Aug 2020
Core:
Fixed bug #79877 (getimagesize function silently truncates after a null byte) (cmb)
Phar:
Fixed bug #79797 (Use of freed hash key in the phar_parse_zipfile function). (CVE-2020-7068)
Version 7.2.32
09 Jul 2020
Windows:
Rebuild of official Windows binaries with patched libcurl. No PHP source changes.
Version 7.2.31
14 May 2020
Core:
Fixed bug #78875 (Long filenames cause OOM and temp files are not cleaned). (CVE-2019-11048)
Fixed bug #78876 (Long variables in multipart/form-data cause OOM and temp files are not cleaned). (CVE-2019-11048)
Version 7.2.30
16 Apr 2020
Standard:
Fixed bug #79468 (SIGSEGV when closing stream handle with a stream filter appended).
Fixed bug #79330 (shell_exec() silently truncates after a null byte).
Fixed bug #79465 (OOB Read in urldecode()).
Version 7.2.29
19 Mar 2020
Core:
Fixed bug #79329 (get_headers() silently truncates after a null byte) (CVE-2020-7066) (cmb)
EXIF:
Fixed bug #79282 (Use-of-uninitialized-value in exif) (CVE-2020-7064) (Nikita)
Version 7.2.28
20 Feb 2020
DOM:
Fixed bug #77569 : (Write Access Violation in DomImplementation).
Phar:
Fixed bug #79082 (Files added to tar with Phar::buildFromIterator have all-access permissions). (CVE-2020-7063)
Session:
Fixed bug #79221 (Null Pointer Dereference in PHP Session Upload Progress). (CVE-2020-7062)
Version 7.2.27
23 Jan 2020
Mbstring:
Fixed bug #79037 (global buffer-overflow in `mbfl_filt_conv_big5_wchar`). (CVE-2020-7060)
Session:
Fixed bug #79091 (heap use-after-free in session_create_id()).
Standard:
Fixed bug #79099 (OOB read in php_strip_tags_ex). (CVE-2020-7059)
Version 7.2.26
18 Dec 2019
Bcmath:
Fixed bug #78878 (Buffer underflow in bc_shift_addsub). (CVE-2019-11046)
Core:
Fixed bug #78862 (link() silently truncates after a null byte on Windows). (CVE-2019-11044)
Fixed bug #78863 (DirectoryIterator class silently truncates after a null byte). (CVE-2019-11045)
EXIF:
Fixed bug #78793 (Use-after-free in exif parsing under memory sanitizer). (CVE-2019-11050)
Fixed bug #78910 (Heap-buffer-overflow READ in exif). (CVE-2019-11047)
GD:
Fixed bug #78849 (GD build broken with -D SIGNED_COMPARE_SLOW).
Intl:
Fixed bug #78804 (Segmentation fault in Locale::filterMatches).
OPcache:
Fixed $x = (bool)$x; with opcache (should emit undeclared variable notice).
Standard:
Fixed bug #78759 (array_search in $GLOBALS).
Fixed bug #78833 (Integer overflow in pack causes out-of-bound access).
Fixed bug #78814 (strip_tags allows / in tag name => whitelist bypass).
Version 7.2.25
21 Nov 2019
Core:
Fixed bug #78656 (Parse errors classified as highest log-level).
Fixed bug #78752 (Segfault if GC triggered while generator stack frame is being destroyed).
Fixed bug #78689 (Closure::fromCallable() doesn't handle [Closure, '__invoke']).
COM:
Fixed bug #78694 (Appending to a variant array causes segfault).
Date:
Fixed bug #70153 (\DateInterval incorrectly unserialized).
Fixed bug #78751 (Serialising DatePeriod converts DateTimeImmutable).
Iconv:
Fixed bug #78642 (Wrong libiconv version displayed). (gedas at martynas, cmb).
OpCache:
Fixed bug #78654 (Incorrectly computed opcache checksum on files with non-ascii characters).
Fixed bug #78747 (OpCache corrupts custom extension result).
OpenSSL:
Fixed bug #78775 (TLS issues from HTTP request affecting other encrypted connections).
Reflection:
Fixed bug #78697 (ReflectionClass::ImplementsInterface - inaccurate error message with traits).
Sockets:
Fixed bug #78665 (Multicasting may leak memory).
Version 7.2.24
24 Oct 2019
Core:
Fixed bug #78535 (auto_detect_line_endings value not parsed as bool).
Fixed bug #78620 (Out of memory error).
Exif:
Fixed bug #78442 ('Illegal component' on exif_read_data since PHP7) (Kalle)
FPM:
Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)
MBString:
Fixed bug #78579 (mb_decode_numericentity: args number inconsistency).
Fixed bug #78609 (mb_check_encoding() no longer supports stringable objects).
MySQLi:
Fixed bug #76809 (SSL settings aren't respected when persistent connections are used).
PDO_MySQL:
Fixed bug #78623 (Regression caused by "SP call yields additional empty result set").
Session:
Fixed bug #78624 (session_gc return value for user defined session handlers).
Standard:
Fixed bug #76342 (file_get_contents waits twice specified timeout).
Fixed bug #78612 (strtr leaks memory when integer keys are used and the subject string shorter).
Fixed bug #76859 (stream_get_line skips data if used with data-generating filter).
Zip:
Fixed bug #78641 (addGlob can modify given remove_path value).
Version 7.2.23
26 Sep 2019
Core:
Fixed bug #78220 (Can't access OneDrive folder).
Fixed bug #78412 (Generator incorrectly reports non-releasable $this as GC child).
FastCGI:
Fixed bug #78469 (FastCGI on_accept hook is not called when using named pipes on Windows).
MySQLnd:
Fixed connect_attr issues and added the _server_host connection attribute.
ODBC:
Fixed bug #78473 (odbc_close() closes arbitrary resources).
PDO_MySQL:
Fixed bug #41997 (SP call yields additional empty result set).
sodium:
Fixed bug #78510 (Partially uninitialized buffer returned by sodium_crypto_generichash_init()).
SPL:
Fixed bug #72884 (SplObject isCloneable() returns true but errs on clone).
Version 7.2.22
29 Aug 2019
Core:
Fixed bug #78363 (Buffer overflow in zendparse).
Fixed bug #78379 (Cast to object confuses GC, causes crash).
Curl:
Fixed bug #77946 (Bad cURL resources returned by curl_multi_info_read()).
Exif:
Fixed bug #78333 (Exif crash (bus error) due to wrong alignment and invalid cast).
Iconv:
Fixed bug #78342 (Bus error in configure test for iconv //IGNORE).
LiteSpeed:
Updated to LiteSpeed SAPI V7.5 (Fixed clean shutdown).
MySQLnd:
Fixed bug #78179 (MariaDB server version incorrectly detected).
Opcache:
Fixed bug #77191 (Assertion failure in dce_live_ranges() when silencing is used).
Standard:
Fixed bug #69100 (Bus error from stream_copy_to_stream (file -> SSL stream) with invalid length).
Fixed bug #78282 (atime and mtime mismatch).
Fixed bug #78326 (improper memory deallocation on stream_get_contents() with fixed length buffer).
Version 7.2.21
01 Aug 2019
Date:
Fixed bug #69044 (discrepency between time and microtime).
EXIF:
Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)
Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)
Fileinfo:
Fixed bug #78183 (finfo_file shows wrong mime-type for .tga file).
FTP:
Fixed bug #77124 (FTP with SSL memory leak).
Libxml:
Fixed bug #78279 (libxml_disable_entity_loader settings is shared between requests (cgi-fcgi)).
LiteSpeed:
Updated to LiteSpeed SAPI V7.4.3 (increased response header count limit from 100 to 1000, added crash handler to cleanly shutdown PHP request, added CloudLinux mod_lsapi mode).
Fixed bug #76058 (After "POST data can't be buffered", using php://input makes huge tmp files).
Openssl:
Fixed bug #78231 (Segmentation fault upon stream_socket_accept of exported socket-to-stream).
OPcache:
Fixed bug #78189 (file cache strips last character of uname hash).
Fixed bug #78202 (Opcache stats for cache hits are capped at 32bit NUM).
Fixed bug #78291 (opcache_get_configuration doesn't list all directives).
Phar:
Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN).
Phpdbg:
Fixed bug #78297 (Include unexistent file memory leak).
PDO_Sqlite:
Fixed bug #78192 (SegFault when reuse statement after schema has changed).
SQLite:
Upgraded to SQLite 3.28.0.
Standard:
Fixed bug #78241 (touch() does not handle dates after 2038 in PHP 64-bit).
Fixed bug #78269 (password_hash uses weak options for argon2).
XMLRPC:
Fixed bug #78173 (XML-RPC mutates immutable objects during encoding).
Version 7.2.20
04 Jul 2019
Core:
Fixed bug #76980 (Interface gets skipped if autoloader throws an exception).
DOM:
Fixed bug #78025 (segfault when accessing properties of DOMDocumentType).
MySQLi:
Fixed bug #77956 (When mysqli.allow_local_infile = Off, use a meaningful error message).
Fixed bug #38546 (bindParam incorrect processing of bool types).
Opcache:
Fixed bug #78106 (Path resolution fails if opcache disabled during request).
OpenSSL:
Fixed bug #78079 (openssl_encrypt_ccm.phpt fails with OpenSSL 1.1.1c).
Sockets:
Fixed bug #78038 (Socket_select fails when resource array contains references).
Standard:
Fixed bug #77135 (Extract with EXTR_SKIP should skip $this).
Fixed bug #77937 (preg_match failed).
Zip:
Fixed bug #76345 (zip.h not found).
Version 7.2.19
30 May 2019
Date:
Fixed bug #77909 (DatePeriod::__construct() with invalid recurrence count value).
EXIF:
Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).
FPM:
Fixed bug #77934 (php-fpm kill -USR2 not working).
Fixed bug #77921 (static.php.net doesn't work anymore).
GD:
Fixed bug #77943 (imageantialias($image, false); does not work).
Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).
Iconv:
Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).
JSON:
Fixed bug #77843 (Use after free with json serializer).
Opcache:
Fixed possible crashes, because of inconsistent PCRE cache and opcache SHM reset.
PDO_MySQL:
Fixed bug #77944 (Wrong meta pdo_type for bigint on LLP64).
Reflection:
Fixed bug #75186 (Inconsistent reflection of Closure:::__invoke()).
Session:
Fixed bug #77911 (Wrong warning for session.sid_bits_per_character).
SPL:
Fixed bug #77024 (SplFileObject::__toString() may return array).
SQLite:
Fixed bug #77967 (Bypassing open_basedir restrictions via file uris).
Version 7.2.18
02 May 2019
CLI:
Fixed bug #77794 (Incorrect Date header format in built-in server).
EXIF:
Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG) (CVE-2019-11036).
Interbase:
Fixed bug #72175 (Impossibility of creating multiple connections to Interbase with php 7.x).
Intl:
Fixed bug #77895 (IntlDateFormatter::create fails in strict mode if $locale = null).
litespeed:
LiteSpeed SAPI 7.3.1, better process management, new API function litespeed_finish_request().
Mail:
Fixed bug #77821 (Potential heap corruption in TSendMail()).
PCRE:
Fixed bug #77827 (preg_match does not ignore \r in regex flags).
PDO:
Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
phpdbg:
Fixed bug #76801 (too many open files).
Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints).
Fixed bug #77805 (phpdbg build fails when readline is shared).
Reflection:
Fixed bug #77772 (ReflectionClass::getMethods(null) doesn't work).
Fixed bug #77882 (Different behavior: always calls destructor).
Standard:
Fixed bug #77680 (recursive mkdir on ftp stream wrapper is incorrect).
Fixed bug #77844 (Crash due to null pointer in parse_ini_string with INI_SCANNER_TYPED).
Fixed bug #77853 (Inconsistent substr_compare behaviour with empty haystack).
Version 7.2.17
04 Apr 2019
Core:
Fixed bug #77738 (Nullptr deref in zend_compile_expr).
Fixed bug #77660 (Segmentation fault on break 2147483648).
Fixed bug #77652 (Anonymous classes can lose their interface information).
Fixed bug #77676 (Unable to run tests when building shared extension on AIX).
Bcmath:
Fixed bug #77742 (bcpow() implementation related to gcc compiler optimization).
COM:
Fixed bug #77578 (Crash when php unload).
Date:
Fixed bug #50020 (DateInterval:createDateFromString() silently fails).
Fixed bug #75113 (Added DatePeriod::getRecurrences() method).
EXIF:
Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)
Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value). (CVE-2019-11035)
FPM:
Fixed bug #77677 (FPM fails to build on AIX due to missing WCOREDUMP).
GD:
Fixed bug #77700 (Writing truecolor images as GIF ignores interlace flag).
MySQLi:
Fixed bug #77597 (mysqli_fetch_field hangs scripts).
Opcache:
Fixed bug #77691 (Opcache passes wrong value for inline array push assignments).
Fixed bug #77743 (Incorrect pi node insertion for jmpznz with identical successors).
phpdbg:
Fixed bug #77767 (phpdbg break cmd aliases listed in help do not match actual aliases).
sodium:
Fixed bug #77646 (sign_detached() strings not terminated).
SQLite3:
Added sqlite3.defensive INI directive.
Standard:
Fixed bug #77664 (Segmentation fault when using undefined constant in custom wrapper).
Fixed bug #77669 (Crash in extract() when overwriting extracted array).
Fixed bug #76717 (var_export() does not create a parsable value for PHP_INT_MIN).
Fixed bug #77765 (FTP stream wrapper should set the directory as executable).
Version 7.2.16
07 Mar 2019
Core:
Fixed bug #77589 (Core dump using parse_ini_string with numeric sections).
Fixed bug #77630 (rename() across the device may allow unwanted access during processing). (CVE-2019-9637)
COM:
Fixed bug #77621 (Already defined constants are not properly reported).
EXIF:
Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF). (CVE-2019-9641)
Fixed bug #77540 (Invalid Read on exif_process_SOFn). (CVE-2019-9640)
Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9638)
Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9639)
PDO_OCI:
Support Oracle Database tracing attributes ACTION, MODULE, CLIENT_INFO, and CLIENT_IDENTIFIER.
PHAR:
Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
SPL:
Fixed bug #51068 (DirectoryIterator glob:// don't support current path relative queries).
Fixed bug #77431 (openFile() silently truncates after a null byte).
Standard:
Fixed bug #77552 (Unintialized php_stream_statbuf in stat functions).
MySQL:
Disabled LOCAL INFILE by default, can be enabled using php.ini directive mysqli.allow_local_infile for mysqli, or PDO::MYSQL_ATTR_LOCAL_INFILE attribute for pdo_mysql.
Version 7.2.15
07 Feb 2019
Core:
Fixed bug #77339 (__callStatic may get incorrect arguments).
Fixed bug #77494 (Disabling class causes segfault on member access).
Fixed bug #77530 (PHP crashes when parsing `(2)::class`).
Curl:
Fixed bug #76675 (Segfault with H2 server push).
GD:
Fixed bug #73281 (imagescale(…, IMG_BILINEAR_FIXED) can cause black border).
Fixed bug #73614 (gdImageFilledArc() doesn't properly draw pies).
Fixed bug #77272 (imagescale() may return image resource on failure).
Fixed bug #77391 (1bpp BMPs may fail to be loaded).
Fixed bug #77479 (imagewbmp() segfaults with very large images).
ldap:
Fixed bug #77440 (ldap_bind using ldaps or ldap_start_tls()=exception in libcrypto-1_1-x64.dll).
Mbstring:
Fixed bug #77454 (mb_scrub() silently truncates after a null byte).
MySQLnd:
Fixed bug #75684 (In mysqlnd_ext_plugin.h the plugin methods family has no external visibility).
Opcache:
Fixed bug #77361 (configure fails on 64-bit AIX when opcache enabled).
OpenSSL:
Fixed bug #77390 (feof might hang on TLS streams in case of fragmented TLS records).
PDO:
Fixed bug #77273 (array_walk_recursive corrupts value types leading to PDO failure).
Sockets:
Fixed bug #76839 (socket_recvfrom may return an invalid 'from' address on MacOS).
Standard:
Fixed bug #77395 (segfault about array_multisort).
Fixed bug #77439 (parse_str segfaults when inserting item into existing array).
Version 7.2.14
10 Jan 2019
Core:
Fixed bug #77369 (memcpy with negative length via crafted DNS response). (CVE-2019-9022)
Fixed bug #71041 (zend_signal_startup() needs ZEND_API).
Fixed bug #76046 (PHP generates "FE_FREE" opcode on the wrong line).
COM:
Fixed bug #77177 (Serializing or unserializing COM objects crashes).
Date:
Fixed bug #77097 (DateTime::diff gives wrong diff when the actual diff is less than 1 second).
Exif:
Fixed bug #77184 (Unsigned rational numbers are written out as signed rationals).
GD:
Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free). (CVE-2016-10166)
Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap). (CVE-2019-6977)
Fixed bug #77195 (Incorrect error handling of imagecreatefromjpeg()).
Fixed bug #77198 (auto cropping has insufficient precision).
Fixed bug #77200 (imagecropauto(…, GD_CROP_SIDES) crops left but not right).
IMAP:
Fixed bug #77020 (null pointer dereference in imap_mail).
Mbstring:
Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token). (CVE-2019-9023)
Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node). (CVE-2019-9023)
Fixed bug #77381 (heap buffer overflow in multibyte match_at). (CVE-2019-9023)
Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string). (CVE-2019-9023)
Fixed bug #77385 (buffer overflow in fetch_token). (CVE-2019-9023)
Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode). (CVE-2019-9023)
Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code). (CVE-2019-9023)
OCI8:
Fixed bug #76804 (oci_pconnect with OCI_CRED_EXT not working).
Added oci_set_call_timeout() for call timeouts.
Added oci_set_db_operation() for the DBOP end-to-end-tracing attribute.
Opcache:
Fixed bug #77215 (CFG assertion failure on multiple finalizing switch frees in one block).
PDO:
Handle invalid index passed to PDOStatement::fetchColumn() as error.
Phar:
Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). (CVE-2019-9021)
Sockets:
Fixed bug #77136 (Unsupported IPV6_RECVPKTINFO constants on macOS).
SQLite3:
Fixed bug #77051 (Issue with re-binding on SQLite3).
Xmlrpc:
Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()). (CVE-2019-9020)
Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code). (CVE-2019-9024)
Version 7.2.13
06 Dec 2018
ftp:
Fixed bug #77151 (ftp_close(): SSL_read on shutdown).
CLI:
Fixed bug #77111 (php-win.exe corrupts unicode symbols from cli parameters).
Fileinfo:
Fixed bug #77095 (slowness regression in 7.2/7.3 (compared to 7.1)).
iconv:
Fixed bug #77147 (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).
Core:
Fixed bug #77231 (Segfault when using convert.quoted-printable-encode filter).
IMAP:
Fixed bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)
ODBC:
Fixed bug #77079 (odbc_fetch_object has incorrect type signature).
Opcache:
Fixed bug #77058 (Type inference in opcache causes side effects).
Fixed bug #77092 (array_diff_key() - segmentation fault).
Phar:
Fixed bug #77022 (PharData always creates new files with mode 0666).
Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)
PGSQL:
Fixed bug #77047 (pg_convert has a broken regex for the 'TIME WITHOUT TIMEZONE' data type).
SOAP:
Fixed bug #50675 (SoapClient can't handle object references correctly).
Fixed bug #76348 (WSDL_CACHE_MEMORY causes Segmentation fault).
Fixed bug #77141 (Signedness issue in SOAP when precision=-1).
Sockets:
Fixed bug #67619 (Validate length on socket_write).
Version 7.2.12
08 Nov 2018
Core:
Fixed bug #76846 (Segfault in shutdown function after memory limit error).
Fixed bug #76946 (Cyclic reference in generator not detected).
Fixed bug #77035 (The phpize and ./configure create redundant .deps file).
Fixed bug #77041 (buildconf should output error messages to stderr) (Mizunashi Mana)
Date:
Upgraded timelib to 2017.08.
Fixed bug #75851 (Year component overflow with date formats "c", "o", "r" and "y").
Fixed bug #77007 (fractions in `diff()` are not correctly normalized).
FCGI:
Fixed bug #76948 (Failed shutdown/reboot or end session in Windows).
Fixed bug #76954 (apache_response_headers removes last character from header name).
FTP:
Fixed bug #76972 (Data truncation due to forceful ssl socket shutdown).
intl:
Fixed bug #76942 (U_ARGUMENT_TYPE_MISMATCH).
Reflection:
Fixed bug #76936 (Objects cannot access their private attributes while handling reflection errors).
Fixed bug #66430 (ReflectionFunction::invoke does not invoke closure with object scope).
Sodium:
Some base64 outputs were truncated; this is not the case any more.
block sizes >= 256 bytes are now supposed by sodium_pad() even when an old version of libsodium has been installed.
Fixed bug #77008 (sodium_pad() could read (but not return nor write) uninitialized memory when trying to pad an empty input).
Standard:
Fixed bug #76965 (INI_SCANNER_RAW doesn't strip trailing whitespace).
Tidy:
Fixed bug #77027 (tidy::getOptDoc() not available on Windows).
XML:
Fixed bug #30875 (xml_parse_into_struct() does not resolve entities).
Add support for getting SKIP_TAGSTART and SKIP_WHITE options.
XMLRPC:
Fixed bug #75282 (xmlrpc_encode_request() crashes).
Version 7.2.11
11 Oct 2018
Core:
Fixed bug #76800 (foreach inconsistent if array modified during loop).
Fixed bug #76901 (method_exists on SPL iterator passthrough method corrupts memory).
CURL:
Fixed bug #76480 (Use curl_multi_wait() so that timeouts are respected).
iconv:
Fixed bug #66828 (iconv_mime_encode Q-encoding longer than it should be).
Opcache:
Fixed bug #76832 (ZendOPcache.MemoryBase periodically deleted by the OS).
Fixed bug #76796 (Compile-time evaluation of disabled function in opcache causes segfault).
POSIX:
Fixed bug #75696 (posix_getgrnam fails to print details of group).
Reflection:
Fixed bug #74454 (Wrong exception being thrown when using ReflectionMethod).
Standard:
Fixed bug #73457 (Wrong error message when fopen FTP wrapped fails to open data connection).
Fixed bug #74764 (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).
Fixed bug #75533 (array_reduce is slow when $carry is large array).
XMLRPC:
Fixed bug #76886 (Can't build xmlrpc with expat).
Zlib:
Fixed bug #75273 (php_zlib_inflate_filter() may not update bytes_consumed).
Version 7.2.10
13 Sep 2018
Core:
Fixed bug #76754 (parent private constant in extends class memory leak).
Fixed bug #72443 (Generate enabled extension).
Fixed bug #75797 (Memory leak when using class_alias() in non-debug mode).
Apache2:
Fixed bug #76582 (XSS due to the header Transfer-Encoding: chunked). (CVE-2018-17082)
Bz2:
Fixed arginfo for bzcompress.
gettext:
Fixed bug #76517 (incorrect restoring of LDFLAGS).
iconv:
Fixed bug #68180 (iconv_mime_decode can return extra characters in a header).
Fixed bug #63839 (iconv_mime_decode_headers function is skipping headers).
Fixed bug #60494 (iconv_mime_decode does ignore special characters).
Fixed bug #55146 (iconv_mime_decode_headers() skips some headers).
intl:
Fixed bug #74484 (MessageFormatter::formatMessage memory corruption with 11+ named placeholders).
libxml:
Fixed bug #76777 ("public id" parameter of libxml_set_external_entity_loader callback undefined).
mbstring:
Fixed bug #76704 (mb_detect_order return value varies based on argument type).
Opcache:
Fixed bug #76747 (Opcache treats path containing "test.pharma.tld" as a phar file).
OpenSSL:
Fixed bug #76705 (unusable ssl => peer_fingerprint in stream_context_create()).
phpdbg:
Fixed bug #76595 (phpdbg man page contains outdated information).
SPL:
Fixed bug #68825 (Exception in DirectoryIterator::getLinkTarget()).
Fixed bug #68175 (RegexIterator pregFlags are NULL instead of 0).
Standard:
Fixed bug #76778 (array_reduce leaks memory if callback throws exception).
zlib:
Fixed bug #65988 (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option).
Fixed bug #76709 (Minimal required zlib library is 1.2.0.4).
Version 7.2.9
16 Aug 2018
Calendar:
Fixed bug #52974 (jewish.c: compile error under Windows with GBK charset).
Filter:
Fixed bug #76366 (References in sub-array for filtering breaks the filter).
PDO_Firebird:
Fixed bug #76488 (Memory leak when fetching a BLOB field).
PDO_PgSQL:
Fixed bug #75402 (Possible Memory Leak using PDO::CURSOR_SCROLL option).
SQLite3:
Fixed bug #76665 (SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle).
Standard:
Fixed bug #73817 (Incorrect entries in get_html_translation_table).
Fixed bug #68553 (array_column: null values in $index_key become incrementing keys in result).
Fixed bug #76643 (Segmentation fault when using `output_add_rewrite_var`).
Zip:
Fixed bug #76524 (ZipArchive memory leak (OVERWRITE flag and empty archive)).
Version 7.2.8
19 Jul 2018
Core:
Fixed bug #76534 (PHP hangs on 'illegal string offset on string references with an error handler).
Fixed bug #76520 (Object creation leaks memory when executed over HTTP).
Fixed bug #76502 (Chain of mixed exceptions and errors does not serialize properly).
Date:
Fixed bug #76462 (Undefined property: DateInterval::$f).
EXIF:
Fixed bug #76409 (heap use after free in _php_stream_free). (CVE-2018-12882)
Fixed bug #76423 (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (CVE-2018-14883)
Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif data). (CVE-2018-14851)
FPM:
Fixed bug #73342 (Vulnerability in php-fpm by changing stdin to non-blocking).
GMP:
Fixed bug #74670 (Integer Underflow when unserializing GMP and possible other classes).
intl:
Fixed bug #76556 (get_debug_info handler for BreakIterator shows wrong type).
mbstring:
Fixed bug #76532 (Integer overflow and excessive memory usage in mb_strimwidth).
Opcache:
Fixed bug #76477 (Opcache causes empty return value).
PGSQL:
Fixed bug #76548 (pg_fetch_result did not fetch the next row).
phpdbg:
Fix arginfo wrt. optional/required parameters.
Reflection:
Fixed bug #76536 (PHP crashes with core dump when throwing exception in error handler).
Fixed bug #75231 (ReflectionProperty#getValue() incorrectly works with inherited classes).
Standard:
Fixed bug #76505 (array_merge_recursive() is duplicating sub-array keys).
Fixed bug #71848 (getimagesize with $imageinfo returns false).
Win32:
Fixed bug #76459 (windows linkinfo lacks openbasedir check). (CVE-2018-15132)
ZIP:
Fixed bug #76461 (OPSYS_Z_CPM defined instead of OPSYS_CPM).
Version 7.2.7
21 Jun 2018
Core:
Fixed bug #76337 (segfault when opcache enabled + extension use zend_register_class_alias).
CLI Server:
Fixed bug #76333 (PHP built-in server does not find files if root path contains special characters).
OpenSSL:
Fixed bug #76296 (openssl_pkey_get_public does not respect open_basedir).
Fixed bug #76174 (openssl extension fails to build with LibreSSL 2.7).
SPL:
Fixed bug #76367 (NoRewindIterator segfault 11).
Standard:
Fixed bug #76410 (SIGV in zend_mm_alloc_small).
Fixed bug #76335 ("link(): Bad file descriptor" with non-ASCII path).
Version 7.2.6
24 May 2018
EXIF:
Fixed bug #76164 (exif_read_data zend_mm_heap corrupted).
FPM:
Fixed bug #76075 --with-fpm-acl wrongly tries to find libacl on FreeBSD.
intl:
Fixed bug #74385 (Locale::parseLocale() broken with some arguments).
Opcache:
Fixed bug #76205 (PHP-FPM sporadic crash when running Infinitewp).
Fixed bug #76275 (Assertion failure in file cache when unserializing empty try_catch_array).
Fixed bug #76281 (Opcache causes incorrect "undefined variable" errors).
Reflection:
Fixed arginfo of array_replace(_recursive) and array_merge(_recursive).
Session:
Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start with "#").
Version 7.2.5
26 Apr 2018
Core:
Fixed bug #75722 (Convert valgrind detection to configure option).
Date:
Fixed bug #76131 (mismatch arginfo for date_create).
Exif:
Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)
FPM:
Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list too long).
Fixed incorrect write to getenv result in FPM reload.
GD:
Fixed bug #52070 (imagedashedline() - dashed line sometimes is not visible).
iconv:
Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)
intl:
Fixed bug #76153 (Intl compilation fails with icu4c 61.1).
ldap:
Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)
mbstring:
Fixed bug #75944 (Wrong cp1251 detection).
Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1).
ODBC:
Fixed bug #76088 (ODBC functions are not available by default on Windows).
Opcache:
Fixed bug #76094 (Access violation when using opcache).
Phar:
Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)
phpdbg:
Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite).
SPL:
Fixed bug #76131 (mismatch arginfo for splarray constructor).
standard:
Fixed bug #74139 (mail.add_x_header default inconsistent with docs).
Fixed bug #75996 (incorrect url in header for mt_rand).
Version 7.2.4
29 Mar 2018
Core:
Fixed bug #76025 (Segfault while throwing exception in error_handler).
Fixed bug #76044 ('date: illegal option -- -' in ./configure on FreeBSD).
FPM:
Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)
FTP:
GD:
Fixed bug #73957 (signed integer conversion in imagescale()).
Fixed bug #76041 (null pointer access crashed php).
Fixed imagesetinterpolation arginfo.
iconv:
Fixed bug #75867 (Freeing uninitialized pointer).
Mbstring:
Fixed bug #62545 (wrong unicode mapping in some charsets).
Opcache:
Fixed bug #75969 (Assertion failure in live range DCE due to block pass misoptimization).
OpenSSL:
Fixed openssl_* arginfos.
PCNTL:
Fixed bug #75873 (pcntl_wexitstatus returns incorrect on Big_Endian platform (s390x)).
Phar:
Fixed bug #76085 (Segmentation fault in buildFromIterator when directory name contains a \n).
Standard:
Fixed bug #75961 (Strange references behavior).
Fixed some arginfos.
Fixed bug #76068 (parse_ini_string fails to parse "[foo]\nbar=1|>baz" with segfault).
Version 7.2.3
01 Mar 2018
Core:
Fixed bug #75864 ("stream_isatty" returns wrong value on s390x).
Apache2Handler:
Fixed bug #75882 (a simple way for segfaults in threadsafe php just with configuration).
Date:
Fixed bug #75857 (Timezone gets truncated when formatted).
Fixed bug #75928 (Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null`).
Fixed bug #68406 (calling var_dump on a DateTimeZone object modifies it).
LDAP:
Fixed bug #49876 (Fix LDAP path lookup on 64-bit distros).
libxml2:
Fixed bug #75871 (use pkg-config where available).
PGSQL:
Fixed bug #75838 (Memory leak in pg_escape_bytea()).
Phar:
Fixed bug #54289 (Phar::extractTo() does not accept specific directories to be extracted).
Fixed bug #65414 (deal with leading slash while adding files correctly).
Fixed bug #65414 (deal with leading slash when adding files correctly).
ODBC:
Fixed bug #73725 (Unable to retrieve value of varchar(max) type).
Opcache:
Fixed bug #75729 (opcache segfault when installing Bitrix).
Fixed bug #75893 (file_get_contents $http_response_header variable bugged with opcache).
Fixed bug #75938 (Modulus value not stored in variable).
SPL:
Fixed bug #74519 (strange behavior of AppendIterator).
Standard:
Fixed bug #75916 (DNS_CAA record results contain garbage).
Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)
Version 7.2.2
01 Feb 2018
Core:
Fixed bug #75742 (potential memleak in internal classes's static members).
Fixed bug #75679 (Path 260 character problem).
Fixed bug #75614 (Some non-portable == in shell scripts).
Fixed bug #75786 (segfault when using spread operator on generator passed by reference).
Fixed bug #75799 (arg of get_defined_functions is optional).
Fixed bug #75396 (Exit inside generator finally results in fatal error).
FCGI:
Fixed bug #75794 (getenv() crashes on Windows 7.2.1 when second parameter is false).
IMAP:
Fixed bug #75774 (imap_append HeapCorruction).
Opcache:
Fixed bug #75720 (File cache not populated after SHM runs full).
Fixed bug #75687 (var 8 (TMP) has array key type but not value type).
Fixed bug #75698 (Using @ crashes php7.2-fpm).
Fixed bug #75579 (Interned strings buffer overflow may cause crash).
PDO:
Fixed bug #75616 (PDO extension doesn't allow to be built shared on Darwin).
PDO MySQL:
Fixed bug #75615 (PDO Mysql module can't be built as module).
PGSQL:
Fixed bug #75671 (pg_version() crashes when called on a connection to cockroach).
Readline:
Fixed bug #75775 (readline_read_history segfaults with empty file).
SAPI:
Fixed bug #75735 ([embed SAPI] Segmentation fault in sapi_register_post_entry).
SOAP:
Fixed bug #70469 (SoapClient generates E_ERROR even if exceptions=1 is used).
Fixed bug #75502 (Segmentation fault in zend_string_release).
SPL:
Fixed bug #75717 (RecursiveArrayIterator does not traverse arrays by reference).
Fixed bug #75242 (RecursiveArrayIterator doesn't have constants from parent class).
Fixed bug #73209 (RecursiveArrayIterator does not iterate object properties).
Standard:
Fixed bug #75781 (substr_count incorrect result).
Fixed bug #75653 (array_values don't work on empty array).
Zip:
Display headers (buildtime) and library (runtime) versions in phpinfo (with libzip >= 1.3.1).
Version 7.2.1
04 Jan 2018
Core:
Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26).
Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
Fixed bug #75525 (Access Violation in vcruntime140.dll).
Fixed bug #74862 (Unable to clone instance when private __clone defined).
Fixed bug #75074 (php-process crash when is_file() is used with strings longer 260 chars).
CLI server:
Fixed bug #73830 (Directory does not exist).
FPM:
Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests).
GD:
Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)
Opcache:
Fixed bug #75608 ("Narrowing occurred during type inference" error).
Fixed bug #75579 (Interned strings buffer overflow may cause crash).
Fixed bug #75570 ("Narrowing occurred during type inference" error).
Fixed bug #75556 (Invalid opcode 138/1/1).
PCRE:
Fixed bug #74183 (preg_last_error not returning error code after error).
Phar:
Fixed bug #74782 (Reflected XSS in .phar 404 page). (CVE-2018-5712)
Standard:
Fixed bug #75511 (fread not free unused buffer).
Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)
Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault). (CVE-2018-14884)
Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
Fixed bug #73124 (php_ini_scanned_files() not reporting correctly).
Fixed bug #75574 (putenv does not work properly if parameter contains non-ASCII unicode character).
Zip:
Fixed bug #75540 (Segfault with libzip 1.3.1).
Version 7.2.0
30 Nov 2017
BCMath:
Fixed bug #46564 (bcmod truncates fractionals).
CLI:
Fixed bug #74849 (Process is started as interactive shell in PhpStorm).
Fixed bug #74979 (Interactive shell opening instead of script execution with -f flag).
CLI server:
Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router script).
Core:
Added ZEND_COUNT, ZEND_GET_CLASS, ZEND_GET_CALLED_CLASS, ZEND_GET_TYPE, ZEND_FUNC_NUM_ARGS, ZEND_FUNC_GET_ARGS instructions, to implement corresponding builtin functions.
"Countable" interface is moved from SPL to Core.
Added ZEND_IN_ARRAY instruction, implementing optimized in_array() builtin function, through hash lookup in flipped array.
Removed IS_TYPE_IMMUTABLE (it's the same as COPYABLE & !REFCOUNTED).
Removed the sql.safe_mode directive.
Removed support for Netware.
Renamed ReflectionClass::isIterateable() to ReflectionClass::isIterable() (alias original name for BC).
Fixed bug #54535 (WSA cleanup executes before MSHUTDOWN).
Implemented FR #69791 (Disallow mail header injections by extra headers) (Yasuo)
Implemented FR #49806 (proc_nice() for Windows).
Fix pthreads detection when cross-compiling (ffontaine)
Fixed memory leaks caused by exceptions thrown from destructors. (Bob, Dmitry).
Fixed bug #73215 (uniqid() should use better random source).
Implemented FR #72768 (Add ENABLE_VIRTUAL_TERMINAL_PROCESSING flag for php.exe).
Implemented "Convert numeric keys in object/array casts" RFC, fixes bugs #53838 , #61655 , #66173 , #70925 , #72254 , etc.
Implemented "Deprecate and Remove Bareword (Unquoted) Strings" RFC.
Raised minimum supported Windows versions to Windows 7/Server 2008 R2.
Implemented minor optimization in array_keys/array_values().
Added PHP_OS_FAMILY constant to determine on which OS we are.
Fixed bug #73987 (Method compatibility check looks to original definition and not parent).
Fixed bug #73991 (JSON_OBJECT_AS_ARRAY not respected).
Fixed bug #74053 (Corrupted class entries on shutdown when a destructor spawns another object).
Fixed bug #73971 (Filename got limited to MAX_PATH on Win32 when scan directory).
Fixed bug #72359 , bug #72451 , bug #73706 , bug #71115 and others related to interned strings handling in TS builds.
Implemented "Trailing Commas In List Syntax" RFC for group use lists only.
Fixed bug #74269 (It's possible to override trait property with different loosely-equal value).
Fixed bug #61970 (Restraining __construct() access level in subclass gives a fatal error).
Fixed bug #63384 (Cannot override an abstract method with an abstract method).
Fixed bug #74607 (Traits enforce different inheritance rules).
Fixed misparsing of abstract unix domain socket names.
Change PHP_OS_FAMILY value from "OSX" to "Darwin".
Allow loading PHP/Zend extensions by name in ini files (extension=<name>).
Added object type annotation.
Fixed bug #74815 (crash with a combination of INI entries at startup).
Fixed bug #74836 (isset on zero-prefixed numeric indexes in array broken).
Added new VM instuctions ISSET_ISEMPTY_CV and UNSET_CV. Previously they were implemented as ISSET_ISEMPTY_VAR and UNSET_VAR variants with ZEND_QUICK_SET flag.
Fixed bug #49649 (unserialize() doesn't handle changes in property visibility).
Fixed bug #74866 (extension_dir = "./ext" now use current directory for base).
Implemented FR #74963 (Improved error message on fetching property of non-object).
Fixed bug #75142 (buildcheck.sh check for autoconf version needs to be updated for v2.64).
Fixed bug #74878 (Data race in ZTS builds).
Fixed bug #75515 ("stream_copy_to_stream" doesn't stream anymore).
cURL:
Fixed bug #75093 (OpenSSL support not detected).
Better fix for #74125 (use pkg-config instead of curl-config).
Date:
Fixed bug #55407 (Impossible to prototype DateTime::createFromFormat).
Implemented FR #71520 (Adding the DateTime constants to the DateTimeInterface interface).
Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)
Fixed bug #75149 (redefinition of typedefs ttinfo and t1info).
Fixed bug #75222 (DateInterval microseconds property always 0).
Dba:
Fixed bug #72885 (flatfile: dba_fetch() fails to read replaced entry).
DOM:
Implemented FR #74837 (Implement Countable for DomNodeList and DOMNamedNodeMap).
EXIF:
Added support for vendor specific tags for the following formats: Samsung, DJI, Panasonic, Sony, Pentax, Minolta, Sigma/Foveon, AGFA, Kyocera, Ricoh & Epson.
Fixed bug #72682 (exif_read_data() fails to read all data for some images).
Fixed bug #71534 (Type confusion in exif_read_data() leading to heap overflow in debug mode).
Fixed bug #68547 (Exif Header component value check error).
Fixed bug #66443 (Corrupt EXIF header: maximum directory nesting level reached for some cameras).
Fixed Redhat bug #1362571 (PHP not returning full results for exif_read_data function).
Implemented FR #65187 (exif_read_data/thumbnail: add support for stream resource).
Deprecated the read_exif_data() alias.
Fixed bug #74428 (exif_read_data(): "Illegal IFD size" warning occurs with correct exif format).
Fixed bug #72819 (EXIF thumbnails not read anymore).
Fixed bug #62523 (php crashes with segfault when exif_read_data called).
Fixed bug #50660 (exif_read_data(): Illegal IFD offset (works fine with other exif readers).
Fileinfo:
Upgrade bundled libmagic to 5.31.
FPM:
Configuration to limit fpm slow log trace callers.
Fixed bug #75212 (php_value acts like php_admin_value).
FTP:
Implement MLSD for structured listing of directories.
Added ftp_append() function.
GD:
Implemented imageresolution as getter and setter (Christoph)
Fixed bug #74744 (gd.h: stdarg.h include missing for va_list use in gdErrorMethod).
Fixed bug #75111 (Memory disclosure or DoS via crafted .bmp image).
GMP:
Fixed bug #70896 (gmp_fact() silently ignores non-integer input).
Hash:
Changed HashContext from resource to object.
Disallowed usage of non-cryptographic hash functions with HMAC and PBKDF2.
Fixed bug #75284 (sha3 is not supported on bigendian machine).
IMAP:
Fixed bug #72324 (imap_mailboxmsginfo() return wrong size).
Intl:
Fixed bug #63790 (test using Spoofchecker which may be unavailable).
Fixed bug #75378 ([REGRESSION] IntlDateFormatter::parse() does not change $position argument).
JSON:
Add JSON_INVALID_UTF8_IGNORE and JSON_INVALID_UTF8_SUBSTITUTE options for json_encode and json_decode to ignore or replace invalid UTF-8 byte sequences - it addresses request #65082 .
Fixed bug #75185 (Buffer overflow in json_decode() with JSON_INVALID_UTF8_IGNORE or JSON_INVALID).
Fixed bug #68567 (JSON_PARTIAL_OUTPUT_ON_ERROR can result in JSON with null key).
LDAP:
Implemented FR #69445 (Support for LDAP EXOP operations)
Fixed support for LDAP_OPT_SERVER_CONTROLS and LDAP_OPT_CLIENT_CONTROLS in ldap_get_option
Fixed passing an empty array to ldap_set_option for client or server controls.
Mbstring:
Implemented FR #66024 (mb_chr() and mb_ord()).
Implemented FR #65081 (mb_scrub()).
Implemented FR #69086 (enhancement for mb_convert_encoding() that handles multibyte replacement char nicely).
Added array input support to mb_convert_encoding().
Added array input support to mb_check_encoding().
Fixed bug #69079 (enhancement for mb_substitute_character).
Update to oniguruma version 6.3.0.
Fixed bug #69267 (mb_strtolower fails on titlecase characters).
Mcrypt:
The deprecated mcrypt extension has been moved to PECL.
Opcache:
Added global optimisation passes based on data flow analysis using Single Static Assignment (SSA) form: Sparse Conditional Constant Propagation (SCCP), Dead Code Elimination (DCE), and removal of unused local variables (Nikita, Dmitry)
Fixed incorect constant conditional jump elimination.
Fixed bug #75230 (Invalid opcode 49/1/8 using opcache).
Fixed bug (assertion fails with extended info generated).
Fixed bug (Phi sources removel).
Fixed bug #75370 (Webserver hangs on valid PHP text).
Fixed bug #75357 (segfault loading WordPress wp-admin).
OpenSSL:
Use TLS_ANY for default ssl:// and tls:// negotiation.
Fix leak in openssl_spki_new().
Added openssl_pkcs7_read() and pk7 parameter to openssl_pkcs7_verify().
Add ssl security_level stream option to support OpenSSL security levels. (Jakub Zelenka).
Allow setting SNI cert and private key in separate files.
Fixed bug #74903 (openssl_pkcs7_encrypt() uses different EOL than before).
Automatically load OpenSSL configuration file.
PCRE:
Added support for PCRE JIT fast path API.
Fixed bug #61780 (Inconsistent PCRE captures in match results).
Fixed bug #74873 (Minor BC break: PCRE_JIT changes output of preg_match()).
Fixed bug #75089 (preg_grep() is not reporting PREG_BAD_UTF8_ERROR after first input string).
Fixed bug #75223 (PCRE JIT broken in 7.2).
Fixed bug #75285 (Broken build when system libpcre don't have jit support).
phar:
Fixed bug #74196 (phar does not correctly handle names containing dots).
PDO:
Fixed bug #73234 (Emulated statements let value dictate parameter type).
Add "Sent SQL" to debug dump for emulated prepares.
Add parameter types for national character set strings.
PDO_DBlib:
Fixed bug #73396 (bigint columns are returned as strings).
Expose DB-Library version as \PDO::DBLIB_ATTR_VERSION attribute on \PDO instance.
Add test coverage for bug #72969 .
PDO_OCI:
Fixed bug #74537 (Align --with-pdo-oci configure option with --with-oci8 syntax).
PDO_Sqlite:
Switch to sqlite3_prepare_v2() and sqlite3_close_v2() functions (rasmus)
PHPDBG:
Added extended_value to opcode dump output.
Session:
Fixed bug #73461 (Prohibit session save handler recursion).
PR GH-2233 Removed register_globals related code and "!" can be used as $_SESSION key name.
Improved bug #73100 fix. 'user' save handler can only be set by session_set_save_handler()
Fixed bug #74514 (5 session functions incorrectly warn when calling in read-only/getter mode).
Fixed bug #74936 (session_cache_expire/cache_limiter/save_path() trigger a warning in read mode).
Fixed bug #74941 (session fails to start after having headers sent).
Sodium:
New cryptographic extension
Added missing bindings for libsodium > 1.0.13.
SPL:
Fixed bug #71412 (Incorrect arginfo for ArrayIterator::__construct).
Added spl_object_id().
SQLite3:
Implement writing to blobs.
Update to Sqlite 3.20.1.
Standard:
Fixed bug #69442 (closing of fd incorrect when PTS enabled).
Fixed bug #74300 (unserialize accepts two plus/minus signs for float number exponent part).
Compatibility with libargon2 versions 20161029 and 20160821.
Fixed bug #74737 (mysqli_get_client_info reflection info).
Add support for extension name as argument to dl().
Fixed bug #74851 (uniqid() without more_entropy performs badly).
Fixed bug #74103 (heap-use-after-free when unserializing invalid array size). (CVE-2017-12932)
Fixed bug #75054 (A Denial of Service Vulnerability was found when performing deserialization).
Fixed bug #75170 (mt_rand() bias on 64-bit machines).
Fixed bug #75221 (Argon2i always throws NUL at the end).
Streams:
Default ssl/single_dh_use and ssl/honor_cipher_order to true.
XML:
Moved utf8_encode() and utf8_decode() to the Standard extension.
XMLRPC:
Use Zend MM for allocation in bundled libxmlrpc (Joe)
ZIP:
Add support for encrypted archives.
Use of bundled libzip is deprecated, --with-libzip option is recommended.
Fixed bug #73803 (Reflection of ZipArchive does not show public properties).
ZipArchive implements countable, added ZipArchive::count() method.
Fix segfault in php_stream_context_get_option call.
Fixed bug #75143 (new method setEncryptionName() seems not to exist in ZipArchive).
zlib:
Expose inflate_get_status() and inflate_get_read_len() functions.
Version 7.1.33
24 Oct 2019
FPM:
Fixed bug #78599 (env_path_info underflow in fpm_main.c can lead to RCE). (CVE-2019-11043)
Version 7.1.32
29 Aug 2019
mbstring:
Fixed CVE-2019-13224 (don't allow different encodings for onig_new_deluxe) (stas)
pcre:
Fixed bug #75457 (heap use-after-free in pcrelib) (cmb)
Version 7.1.31
01 Aug 2019
SQLite:
Upgraded to SQLite 3.28.0.
EXIF:
Fixed bug #78256 (heap-buffer-overflow on exif_process_user_comment). (CVE-2019-11042)
Fixed bug #78222 (heap-buffer-overflow on exif_scan_thumbnail). (CVE-2019-11041)
Phar:
Fixed bug #77919 (Potential UAF in Phar RSHUTDOWN).
Version 7.1.30
30 May 2019
EXIF:
Fixed bug #77988 (heap-buffer-overflow on php_jpg_get16) (CVE-2019-11040).
GD:
Fixed bug #77973 (Uninitialized read in gdImageCreateFromXbm) (CVE-2019-11038).
Iconv:
Fixed bug #78069 (Out-of-bounds read in iconv.c:_php_iconv_mime_decode() due to integer overflow) (CVE-2019-11039).
SQLite:
Fixed bug #77967 (Bypassing open_basedir restrictions via file uris).
Version 7.1.29
02 May 2019
EXIF:
Fixed bug #77950 (Heap-buffer-overflow in _estrndup via exif_process_IFD_TAG) (CVE-2019-11036).
Mail:
Fixed bug #77821 (Potential heap corruption in TSendMail()).
Version 7.1.28
04 Apr 2019
EXIF:
Fixed bug #77753 (Heap-buffer-overflow in php_ifd_get32s). (CVE-2019-11034)
Fixed bug #77831 (Heap-buffer-overflow in exif_iif_add_value). (CVE-2019-11035)
SQLite3:
Added sqlite3.defensive INI directive.
Version 7.1.27
07 Mar 2019
Core:
Fixed bug #77630 (rename() across the device may allow unwanted access during processing). (CVE-2019-9637)
EXIF:
Fixed bug #77509 (Uninitialized read in exif_process_IFD_in_TIFF). (CVE-2019-9641)
Fixed bug #77540 (Invalid Read on exif_process_SOFn). (CVE-2019-9640)
Fixed bug #77563 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9638)
Fixed bug #77659 (Uninitialized read in exif_process_IFD_in_MAKERNOTE). (CVE-2019-9639)
PHAR:
Fixed bug #77396 (Null Pointer Dereference in phar_create_or_parse_filename).
Fixed bug #77586 (phar_tar_writeheaders_int() buffer overflow).
SPL:
Fixed bug #77431 (openFile() silently truncates after a null byte).
Version 7.1.26
10 Jan 2019
Core:
Fixed bug #77369 (memcpy with negative length via crafted DNS response). (CVE-2019-9022)
GD:
Fixed bug #77269 (efree() on uninitialized Heap data in imagescale leads to use-after-free). (CVE-2016-10166)
Fixed bug #77270 (imagecolormatch Out Of Bounds Write on Heap). (CVE-2019-6977)
IMAP:
Fixed bug #77020 (null pointer dereference in imap_mail).
Mbstring:
Fixed bug #77370 (Buffer overflow on mb regex functions - fetch_token). (CVE-2019-9023)
Fixed bug #77371 (heap buffer overflow in mb regex functions - compile_string_node). (CVE-2019-9023)
Fixed bug #77381 (heap buffer overflow in multibyte match_at). (CVE-2019-9023)
Fixed bug #77382 (heap buffer overflow due to incorrect length in expand_case_fold_string). (CVE-2019-9023)
Fixed bug #77385 (buffer overflow in fetch_token). (CVE-2019-9023)
Fixed bug #77394 (Buffer overflow in multibyte case folding - unicode). (CVE-2019-9023)
Fixed bug #77418 (Heap overflow in utf32be_mbc_to_code). (CVE-2019-9023)
Phar:
Fixed bug #77247 (heap buffer overflow in phar_detect_phar_fname_ext). (CVE-2019-9021)
Xmlrpc:
Fixed bug #77242 (heap out of bounds read in xmlrpc_decode()). (CVE-2019-9020)
Fixed bug #77380 (Global out of bounds read in xmlrpc base64 code). (CVE-2019-9024)
Version 7.1.25
06 Dec 2018
Core:
Fixed bug #71041 (zend_signal_startup() needs ZEND_API).
Fixed bug #77231 (Segfault when using convert.quoted-printable-encode filter).
ftp:
Fixed bug #77151 (ftp_close(): SSL_read on shutdown).
iconv:
Fixed bug #77147 (Fixing 60494 ignored ICONV_MIME_DECODE_CONTINUE_ON_ERROR).
IMAP:
Fixed bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)
ODBC:
Fixed bug #77079 (odbc_fetch_object has incorrect type signature).
Opcache:
Fixed bug #77058 (Type inference in opcache causes side effects).
Phar:
Fixed bug #77022 (PharData always creates new files with mode 0666).
Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)
PGSQL:
Fixed bug #77047 (pg_convert has a broken regex for the 'TIME WITHOUT TIMEZONE' data type).
SOAP:
Fixed bug #76348 (WSDL_CACHE_MEMORY causes Segmentation fault).
Fixed bug #77141 (Signedness issue in SOAP when precision=-1).
Sockets:
Fixed bug #67619 (Validate length on socket_write).
Version 7.1.24
08 Nov 2018
Core:
Fixed bug #76946 (Cyclic reference in generator not detected).
Fixed bug #77035 (The phpize and ./configure create redundant .deps file).
Fixed bug #77041 (buildconf should output error messages to stderr) (Mizunashi Mana)
Date:
Fixed bug #75851 (Year component overflow with date formats "c", "o", "r" and "y").
FCGI:
Fixed bug #76948 (Failed shutdown/reboot or end session in Windows).
Fixed bug #76954 (apache_response_headers removes last character from header name).
FTP:
Fixed bug #76972 (Data truncation due to forceful ssl socket shutdown).
intl:
Fixed bug #76942 (U_ARGUMENT_TYPE_MISMATCH).
Standard:
Fixed bug #76965 (INI_SCANNER_RAW doesn't strip trailing whitespace).
Tidy:
Fixed bug #77027 (tidy::getOptDoc() not available on Windows).
XML:
Fixed bug #30875 (xml_parse_into_struct() does not resolve entities).
Add support for getting SKIP_TAGSTART and SKIP_WHITE options.
Version 7.1.23
11 Oct 2018
Core:
Fixed bug #76901 (method_exists on SPL iterator passthrough method corrupts memory).
Fixed bug #76846 (Segfault in shutdown function after memory limit error).
CURL:
Fixed bug #76480 (Use curl_multi_wait() so that timeouts are respected).
iconv:
Fixed bug #66828 (iconv_mime_encode Q-encoding longer than it should be).
Opcache:
Fixed bug #76832 (ZendOPcache.MemoryBase periodically deleted by the OS).
POSIX:
Fixed bug #75696 (posix_getgrnam fails to print details of group).
Reflection:
Fixed bug #74454 (Wrong exception being thrown when using ReflectionMethod).
Standard:
Fixed bug #73457 (Wrong error message when fopen FTP wrapped fails to open data connection).
Fixed bug #74764 (Bindto IPv6 works with file_get_contents but fails with stream_socket_client).
Fixed bug #75533 (array_reduce is slow when $carry is large array).
Zlib:
Fixed bug #75273 (php_zlib_inflate_filter() may not update bytes_consumed).
Version 7.1.22
13 Sep 2018
Core:
Fixed bug #76754 (parent private constant in extends class memory leak).
Fixed bug #72443 (Generate enabled extension).
Apache2:
Fixed bug #76582 (XSS due to the header Transfer-Encoding: chunked). (CVE-2018-17082)
Bz2:
Fixed arginfo for bzcompress.
gettext:
Fixed bug #76517 (incorrect restoring of LDFLAGS).
iconv:
Fixed bug #68180 (iconv_mime_decode can return extra characters in a header).
Fixed bug #63839 (iconv_mime_decode_headers function is skipping headers).
Fixed bug #60494 (iconv_mime_decode does ignore special characters).
Fixed bug #55146 (iconv_mime_decode_headers() skips some headers).
intl:
Fixed bug #74484 (MessageFormatter::formatMessage memory corruption with 11+ named placeholders).
libxml:
Fixed bug #76777 ("public id" parameter of libxml_set_external_entity_loader callback undefined).
mbstring:
Fixed bug #76704 (mb_detect_order return value varies based on argument type).
Opcache:
Fixed bug #76747 (Opcache treats path containing "test.pharma.tld" as a phar file).
OpenSSL:
Fixed bug #76705 (unusable ssl => peer_fingerprint in stream_context_create()).
phpdbg:
Fixed bug #76595 (phpdbg man page contains outdated information).
SPL:
Fixed bug #68825 (Exception in DirectoryIterator::getLinkTarget()).
Fixed bug #68175 (RegexIterator pregFlags are NULL instead of 0).
Standard:
Fixed bug #76778 (array_reduce leaks memory if callback throws exception).
zlib:
Fixed bug #65988 (Zlib version check fails when an include/zlib/ style dir is passed to the --with-zlib configure option).
Fixed bug #76709 (Minimal required zlib library is 1.2.0.4).
Version 7.1.21
16 Aug 2018
Calendar:
Fixed bug #52974 (jewish.c: compile error under Windows with GBK charset).
Filter:
Fixed bug #76366 (References in sub-array for filtering breaks the filter).
PDO_Firebird:
Fixed bug #76488 (Memory leak when fetching a BLOB field).
PDO_PgSQL:
Fixed bug #75402 (Possible Memory Leak using PDO::CURSOR_SCROLL option).
SQLite3:
Fixed bug #76665 (SQLite3Stmt::bindValue() with SQLITE3_FLOAT doesn't juggle).
Standard:
Fixed bug #68553 (array_column: null values in $index_key become incrementing keys in result).
Fixed bug #73817 (Incorrect entries in get_html_translation_table).
Fixed bug #76643 (Segmentation fault when using `output_add_rewrite_var`).
Zip:
Fixed bug #76524 (ZipArchive memory leak (OVERWRITE flag and empty archive)).
Version 7.1.20
19 Jul 2018
Core:
Fixed bug #76534 (PHP hangs on 'illegal string offset on string references with an error handler).
Fixed bug #76502 (Chain of mixed exceptions and errors does not serialize properly).
Date:
Fixed bug #76462 (Undefined property: DateInterval::$f).
exif:
Fixed bug #76423 (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (CVE-2018-14883)
Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif data). (CVE-2018-14851)
FPM:
Fixed bug #73342 (Vulnerability in php-fpm by changing stdin to non-blocking).
GMP:
Fixed bug #74670 (Integer Underflow when unserializing GMP and possible other classes).
intl:
Fixed bug #76556 (get_debug_info handler for BreakIterator shows wrong type).
mbstring:
Fixed bug #76532 (Integer overflow and excessive memory usage in mb_strimwidth).
PGSQL:
Fixed bug #76548 (pg_fetch_result did not fetch the next row).
phpdbg:
Fix arginfo wrt. optional/required parameters.
Reflection:
Fixed bug #76536 (PHP crashes with core dump when throwing exception in error handler).
Fixed bug #75231 (ReflectionProperty#getValue() incorrectly works with inherited classes).
Standard:
Fixed bug #76505 (array_merge_recursive() is duplicating sub-array keys).
Fixed bug #71848 (getimagesize with $imageinfo returns false).
Win32:
Fixed bug #76459 (windows linkinfo lacks openbasedir check). (CVE-2018-15132)
Version 7.1.19
22 Jun 2018
CLI Server:
Fixed bug #76333 (PHP built-in server does not find files if root path contains special characters).
OpenSSL:
Fixed bug #76296 (openssl_pkey_get_public does not respect open_basedir).
Fixed bug #76174 (openssl extension fails to build with LibreSSL 2.7).
SPL:
Fixed bug #76367 (NoRewindIterator segfault 11).
Standard:
Fixed bug #76335 ("link(): Bad file descriptor" with non-ASCII path).
Fixed bug #76383 (array_map on $GLOBALS returns IS_INDIRECT).
Version 7.1.18
24 May 2018
FPM:
Fixed bug #76075 --with-fpm-acl wrongly tries to find libacl on FreeBSD.
intl:
Fixed bug #74385 (Locale::parseLocale() broken with some arguments).
Opcache:
Fixed bug #76205 (PHP-FPM sporadic crash when running Infinitewp).
Fixed bug #76275 (Assertion failure in file cache when unserializing empty try_catch_array).
Fixed bug #76281 (Opcache causes incorrect "undefined variable" errors).
Reflection:
Fixed arginfo for array_replace(_recursive) and array_merge(_recursive).
Version 7.1.17
26 Apr 2018
Date:
Fixed bug #76131 (mismatch arginfo for date_create).
Exif:
Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)
FPM:
Fixed bug #68440 (ERROR: failed to reload: execvp() failed: Argument list too long).
Fixed incorrect write to getenv result in FPM reload.
GD:
Fixed bug #52070 (imagedashedline() - dashed line sometimes is not visible).
iconv:
Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)
intl:
Fixed bug #76153 (Intl compilation fails with icu4c 61.1).
ldap:
Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)
mbstring:
Fixed bug #75944 (Wrong cp1251 detection).
Fixed bug #76113 (mbstring does not build with Oniguruma 6.8.1).
Phar:
Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)
phpdbg:
Fixed bug #76143 (Memory corruption: arbitrary NUL overwrite).
SPL:
Fixed bug #76131 (mismatch arginfo for splarray constructor).
standard:
Fixed bug #75996 (incorrect url in header for mt_rand).
Version 7.1.16
29 Mar 2018
Core:
Fixed bug #76025 (Segfault while throwing exception in error_handler).
Fixed bug #76044 ('date: illegal option -- -' in ./configure on FreeBSD).
FPM:
Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)
GD:
Fixed bug #73957 (signed integer conversion in imagescale()).
ODBC:
Fixed bug #76088 (ODBC functions are not available by default on Windows).
Opcache:
Fixed bug #76074 (opcache corrupts variable in for-loop).
Phar:
Fixed bug #76085 (Segmentation fault in buildFromIterator when directory name contains a \n).
Standard:
Fixed bug #74139 (mail.add_x_header default inconsistent with docs).
Fixed bug #76068 (parse_ini_string fails to parse "[foo]\nbar=1|>baz" with segfault).
Version 7.1.15
01 Mar 2018
Apache2Handler:
Fixed bug #75882 (a simple way for segfaults in threadsafe php just with configuration).
Date:
Fixed bug #75857 (Timezone gets truncated when formatted).
Fixed bug #75928 (Argument 2 for `DateTimeZone::listIdentifiers()` should accept `null`).
Fixed bug #68406 (calling var_dump on a DateTimeZone object modifies it).
PGSQL:
Fixed bug #75838 (Memory leak in pg_escape_bytea()).
ODBC:
Fixed bug #73725 (Unable to retrieve value of varchar(max) type).
LDAP:
Fixed bug #49876 (Fix LDAP path lookup on 64-bit distros).
libxml2:
Fixed bug #75871 (use pkg-config where available).
Phar:
Fixed bug #65414 (deal with leading slash when adding files correctly).
SPL:
Fixed bug #74519 (strange behavior of AppendIterator).
Standard:
Fixed bug #75916 (DNS_CAA record results contain garbage).
Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)
Version 7.1.14
01 Feb 2018
Core:
Fixed bug #75679 (Path 260 character problem).
Fixed bug #75786 (segfault when using spread operator on generator passed by reference).
Fixed bug #75799 (arg of get_defined_functions is optional).
Fixed bug #75396 (Exit inside generator finally results in fatal error).
Fixed bug #75079 (self keyword leads to incorrectly generated TypeError when in closure in trait).
FCGI:
Fixed bug #75794 (getenv() crashes on Windows 7.2.1 when second parameter is false).
IMAP:
Fixed bug #75774 (imap_append HeapCorruction).
Opcache:
Fixed bug #75720 (File cache not populated after SHM runs full).
Fixed bug #75579 (Interned strings buffer overflow may cause crash).
PGSQL:
Fixed bug #75671 (pg_version() crashes when called on a connection to cockroach).
Readline:
Fixed bug #75775 (readline_read_history segfaults with empty file).
SAPI:
Fixed bug #75735 ([embed SAPI] Segmentation fault in sapi_register_post_entry).
SOAP:
Fixed bug #70469 (SoapClient generates E_ERROR even if exceptions=1 is used).
Fixed bug #75502 (Segmentation fault in zend_string_release).
SPL:
Fixed bug #75717 (RecursiveArrayIterator does not traverse arrays by reference).
Fixed bug #75242 (RecursiveArrayIterator doesn't have constants from parent class).
Fixed bug #73209 (RecursiveArrayIterator does not iterate object properties).
Standard:
Fixed bug #75781 (substr_count incorrect result).
Version 7.1.13
04 Jan 2018
Core:
Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26).
Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
Fixed bug #74862 (Unable to clone instance when private __clone defined).
Fixed bug #75074 (php-process crash when is_file() is used with strings longer 260 chars).
CLI Server:
Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router script).
Fixed bug #73830 (Directory does not exist).
FPM:
Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests).
GD:
Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)
Opcache:
Fixed bug #75608 ("Narrowing occurred during type inference" error).
Fixed bug #75579 (Interned strings buffer overflow may cause crash).
Fixed bug #75570 ("Narrowing occurred during type inference" error).
PCRE:
Fixed bug #74183 (preg_last_error not returning error code after error).
Phar:
Fixed bug #74782 (Reflected XSS in .phar 404 page). (CVE-2018-5712)
Standard:
Fixed bug #75511 (fread not free unused buffer).
Fixed bug #75514 (mt_rand returns value outside [$min,$max]+ on 32-bit) (Remi)
Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault). (CVE-2018-14884)
Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
Fixed bug #73124 (php_ini_scanned_files() not reporting correctly).
Fixed bug #75574 (putenv does not work properly if parameter contains non-ASCII unicode character).
Zip:
Fixed bug #75540 (Segfault with libzip 1.3.1).
Version 7.1.12
23 Nov 2017
Core:
Fixed bug #75420 (Crash when modifing property name in __isset for BP_VAR_IS).
Fixed bug #75368 (mmap/munmap trashing on unlucky allocations).
CLI:
Fixed bug #75287 (Builtin webserver crash after chdir in a shutdown function).
Enchant:
Fixed bug #53070 (enchant_broker_get_path crashes if no path is set).
Fixed bug #75365 (Enchant still reports version 1.1.0).
Exif:
Fixed bug #75301 (Exif extension has built in revision version).
GD:
Fixed bug #65148 (imagerotate may alter image dimensions).
Fixed bug #75437 (Wrong reflection on imagewebp).
intl:
Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead of destination).
interbase:
Fixed bug #75453 (Incorrect reflection for ibase_[p]connect).
Mysqli:
Fixed bug #75434 (Wrong reflection for mysqli_fetch_all function).
OCI8:
OpenSSL:
Fixed bug #75363 (openssl_x509_parse leaks memory).
Fixed bug #75307 (Wrong reflection for openssl_open function).
Opcache:
Fixed bug #75373 (Warning Internal error: wrong size calculation).
PGSQL:
Fixed bug #75419 (Default link incorrectly cleared/linked by pg_close()).
SOAP:
Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders).
Zlib:
Fixed bug #75299 (Wrong reflection on inflate_init and inflate_add).
Version 7.1.11
26 Oct 2017
Core:
Fixed bug #75241 (Null pointer dereference in zend_mm_alloc_small()).
Fixed bug #75236 (infinite loop when printing an error-message).
Fixed bug #75252 (Incorrect token formatting on two parse errors in one request).
Fixed bug #75220 (Segfault when calling is_callable on parent).
Fixed bug #75290 (debug info of Closures of internal functions contain garbage argument names).
Date:
Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)
Apache2Handler:
Fixed bug #75311 (error: 'zend_hash_key' has no member named 'arKey' in apache2handler).
Hash:
Fixed bug #75303 (sha3 hangs on bigendian).
Intl:
Fixed bug #75318 (The parameter of UConverter::getAliases() is not optional).
litespeed:
Fixed bug #75248 (Binary directory doesn't get created when building only litespeed SAPI).
Fixed bug #75251 (Missing program prefix and suffix).
mcrypt:
Fixed bug #72535 (arcfour encryption stream filter crashes php).
MySQLi:
Fixed bug #75018 (Data corruption when reading fields of bit type).
OCI8:
Fixed incorrect reference counting.
Opcache:
Fixed bug #75255 (Request hangs and not finish).
PCRE:
Fixed bug #75207 (applied upstream patch for CVE-2016-1283).
PDO_mysql:
Fixed bug #75177 (Type 'bit' is fetched as unexpected string).
SPL:
Fixed bug #73629 (SplDoublyLinkedList::setIteratorMode masks intern flags).
Version 7.1.10
28 Sep 2017
Core:
Fixed bug #75042 (run-tests.php issues with EXTENSION block).
BCMath:
Fixed bug #44995 (bcpowmod() fails if scale != 0).
Fixed bug #46781 (BC math handles minus zero incorrectly).
Fixed bug #54598 (bcpowmod() may return 1 if modulus is 1).
Fixed bug #75178 (bcpowmod() misbehaves for non-integer base or modulus).
CLI server:
Fixed bug #70470 (Built-in server truncates headers spanning over TCP packets).
CURL:
Fixed bug #75093 (OpenSSL support not detected).
GD:
Fixed bug #75124 (gdImageGrayScale() may produce colors).
Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?).
Gettext:
Fixed bug #73730 (textdomain(null) throws in strict mode).
Intl:
Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent class).
Fixed bug #75193 (segfault in collator_convert_object_to_string).
PDO_OCI:
Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up).
SPL:
Fixed bug #75155 (AppendIterator::append() is broken when appending another AppendIterator).
Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop).
Standard:
Fixed bug #75152 (signed integer overflow in parse_iv).
Fixed bug #75097 (gethostname fails if your host name is 64 chars long).
Version 7.1.9
31 Aug 2017
Core:
Fixed bug #74947 (Segfault in scanner on INF number).
Fixed bug #74954 (null deref and segfault in zend_generator_resume()).
Fixed bug #74725 (html_errors=1 breaks unhandled exceptions).
Fixed bug #75063 (Main CWD initialized with wrong codepage).
Fixed bug #75349 (NAN comparison).
cURL:
Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).
Date:
Fixed bug #75002 (Null Pointer Dereference in timelib_time_clone).
Intl:
Fixed bug #74993 (Wrong reflection on some locale_* functions).
Mbstring:
Fixed bug #71606 (Segmentation fault mb_strcut with HTML-ENTITIES encoding).
Fixed bug #62934 (mb_convert_kana() does not convert iteration marks).
Fixed bug #75001 (Wrong reflection on mb_eregi_replace).
MySQLi:
Fixed bug #74968 (PHP crashes when calling mysqli_result::fetch_object with an abstract class).
OCI8:
Expose oci_unregister_taf_callback() (Tianfang Yang)
Opcache:
Fixed bug #74980 (Narrowing occurred during type inference).
phar:
Fixed bug #74991 (include_path has a 4096 char limit in some cases).
Reflection:
Fixed bug #74949 (null pointer dereference in _function_string).
Session:
Fixed bug #74892 (Url Rewriting (trans_sid) not working on urls that start with "#").
Fixed bug #74833 (SID constant created with wrong module number).
SimpleXML:
Fixed bug #74950 (nullpointer deref in simplexml_element_getDocNamespaces).
SPL:
Fixed bug #75049 (spl_autoload_unregister can't handle spl_autoload_functions results).
Fixed bug #74669 (Unserialize ArrayIterator broken).
Fixed bug #74977 (Appending AppendIterator leads to segfault).
Fixed bug #75015 (Crash in recursive iterator destructors).
Standard:
Fixed bug #75075 (unpack with X* causes infinity loop).
Fixed bug #74103 (heap-use-after-free when unserializing invalid array size). (CVE-2017-12932)
Fixed bug #75054 (A Denial of Service Vulnerability was found when performing deserialization).
WDDX:
Fixed bug #73793 (WDDX uses wrong decimal seperator).
XMLRPC:
Fixed bug #74975 (Incorrect xmlrpc serialization for classes with declared properties).
Version 7.1.8
03 Aug 2017
Core:
Fixed bug #74832 (Loading PHP extension with already registered function name leads to a crash).
Fixed bug #74780 (parse_url() broken when query string contains colon).
Fixed bug #74761 (Unary operator expected error on some systems).
Fixed bug #73900 (Use After Free in unserialize() SplFixedArray).
Fixed bug #74923 (Crash when crawling through network share).
Fixed bug #74913 (fixed incorrect poll.h include).
Fixed bug #74906 (fixed incorrect errno.h include).
Date:
Fixed bug #74852 (property_exists returns true on unknown DateInterval property).
OCI8:
Fixed bug #74625 (Integer overflow in oci_bind_array_by_name).
Opcache:
Fixed bug #74623 (Infinite loop in type inference when using HTMLPurifier).
OpenSSL:
Fixed bug #74798 (pkcs7_en/decrypt does not work if \x0a is used in content).
Added OPENSSL_DONT_ZERO_PAD_KEY constant to prevent key padding and fix bug #71917 (openssl_open() returns junk on envelope < 16 bytes) and bug #72362 (OpenSSL Blowfish encryption is incorrect for short keys).
PDO:
Fixed bug #69356 (PDOStatement::debugDumpParams() truncates query).
SPL:
Fixed bug #73471 (PHP freezes with AppendIterator).
SQLite3:
Fixed bug #74883 (SQLite3::__construct() produces "out of memory" exception with invalid flags).
Wddx:
Fixed bug #73173 (huge memleak when wddx_unserialize).
Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV). (CVE-2017-11143)
zlib:
Fixed bug #73944 (dictionary option of inflate_init() does not work).
Version 7.1.7
06 Jul 2017
Core:
Fixed bug #74738 (Multiple [PATH=] and [HOST=] sections not properly parsed).
Fixed bug #74658 (Undefined constants in array properties result in broken properties).
Fixed misparsing of abstract unix domain socket names.
Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). (CVE-2017-11628)
Fixed bug #74101 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (CVE-2017-12934)
Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (CVE-2017-12933)
Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()). (CVE-2017-11145)
Date:
Fixed bug #74639 (implement clone for DatePeriod and DateInterval).
DOM:
Fixed bug #69373 (References to deleted XPath query results).
GD:
Fixed bug #74435 (Buffer over-read into uninitialized memory). (CVE-2017-7890)
Intl:
Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (CVE-2017-11362)
Fixed bug #74705 (Wrong reflection on Collator::getSortKey and collator_get_sort_key).
Mbstring:
Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)
OCI8:
Opcache:
Fixed bug #74663 (Segfault with opcache.memory_protect and validate_timestamp).
Revert opcache.enable_cli to default disabled.
OpenSSL:
Fixed bug #74720 (pkcs7_en/decrypt does not work if \x1a is used in content).
Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (CVE-2017-11144)
PDO_OCI:
Support Instant Client 12.2 in --with-pdo-oci configure option.
Reflection:
Fixed bug #74673 (Segfault when cast Reflection object to string with undefined constant).
SPL:
Fixed bug #74478 (null coalescing operator failing with SplFixedArray).
FTP:
Fixed bug #74598 (ftp:// wrapper ignores context arg).
PHAR:
Fixed bug #74386 (Phar::__construct reflection incorrect).
SOAP:
Fixed bug #74679 (Incorrect conversion array with WSDL_CACHE_MEMORY).
Streams:
Fixed bug #74556 (stream_socket_get_name() returns '\0').
Version 7.1.6
07 Jun 2017
Core:
Fixed bug #74600 (crash (SIGSEGV) in _zend_hash_add_or_update_i).
Fixed bug #74546 (SIGILL in ZEND_FETCH_CLASS_CONSTANT_SPEC_CONST_CONST).
Fixed bug #74589 (__DIR__ wrong for unicode character).
intl:
Fixed bug #74468 (wrong reflection on Collator::sortWithSortKeys).
MySQLi:
Fixed bug #74547 (mysqli::change_user() doesn't accept null as $database argument w/strict_types).
Opcache:
Fixed bug #74596 (SIGSEGV with opcache.revalidate_path enabled).
phar:
Fixed bug #51918 (Phar::webPhar() does not handle requests sent through PUT and DELETE method).
Readline:
Fixed bug #74490 (readline() moves the cursor to the beginning of the line).
Standard:
Fixed bug #74510 (win32/sendmail.c anchors CC header but not BCC).
xmlreader:
Fixed bug #74457 (Wrong reflection on XMLReader::expand).
Version 7.1.5
11 May 2017
Core:
Fixed bug #74408 (Endless loop bypassing execution time limit).
Fixed bug #74353 (Segfault when killing within bash script trap code).
Fixed bug #74340 (Magic function __get has different behavior in php 7.1.x).
Fixed bug #74188 (Null coalescing operator fails for undeclared static class properties).
Fixed bug #74444 (multiple catch freezes in some cases).
Fixed bug #74410 (stream_select() is broken on Windows Nanoserver).
Fixed bug #74337 (php-cgi.exe crash on facebook callback).
Date:
Fixed bug #74404 (Wrong reflection on DateTimeZone::getTransitions).
Fixed bug #74080 (add constant for RFC7231 format datetime).
DOM:
Fixed bug #74416 (Wrong reflection on DOMNode::cloneNode).
Fileinfo:
Fixed bug #74379 (syntax error compile error in libmagic/apprentice.c).
GD:
Fixed bug #74343 (compile fails on solaris 11 with system gd2 library).
MySQLnd:
Fixed bug #74376 (Invalid free of persistent results on error/connection loss).
Intl:
Fixed bug #65683 (Intl does not support DateTimeImmutable).
Fixed bug #74298 (IntlDateFormatter->format() doesn't return microseconds/fractions).
Fixed bug #74433 (wrong reflection for Normalizer methods).
Fixed bug #74439 (wrong reflection for Locale methods).
Opcache:
Fixed bug #74456 (Segmentation error while running a script in CLI mode).
Fixed bug #74431 (foreach infinite loop).
Fixed bug #74442 (Opcached version produces a nested array).
OpenSSL:
Fixed bug #73833 (null character not allowed in openssl_pkey_get_private).
Fixed bug #73711 (Segfault in openssl_pkey_new when generating DSA or DH key).
Fixed bug #74341 (openssl_x509_parse fails to parse ASN.1 UTCTime without seconds).
phar:
Fixed bug #74383 (phar method parameters reflection correction).
Readline:
Fixed bug #74489 (readline() immediately returns false in interactive console mode).
Standard:
Fixed bug #72071 (setcookie allows max-age to be negative).
Fixed bug #74361 (Compaction in array_rand() violates COW).
Streams:
Fixed bug #74429 (Remote socket URI with unique persistence identifier broken).
Version 7.1.4
13 Apr 2017
Core:
Fixed bug #74149 (static embed SAPI linkage error).
Fixed bug #73370 (falsely exits with "Out of Memory" when using USE_ZEND_ALLOC=0).
Fixed bug #73960 (Leak with instance method calling static method with referenced return).
Fixed bug #69676 (Resolution of self::FOO in class constants not correct).
Fixed bug #74265 (Build problems after 7.0.17 release: undefined reference to `isfinite').
Fixed bug #74302 (yield fromLABEL is over-greedy).
Apache:
Date:
Fixed bug #72096 (Swatch time value incorrect for dates before 1970).
DOM:
Fixed bug #74004 (LIBXML_NOWARNING flag ingnored on loadHTML*).
iconv:
Fixed bug #74230 (iconv fails to fail on surrogates).
Opcache:
Fixed bug #74250 (OPcache compilation performance regression in PHP 5.6/7 with huge classes).
OpenSSL:
Fixed bug #72333 (fwrite() on non-blocking SSL sockets doesn't work).
PDO MySQL:
Fixed bug #71003 (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO interface).
SPL:
Fixed bug #74058 (ArrayObject can not notice changes).
SQLite:
Fixed bug #74217 (Allow creation of deterministic sqlite functions).
Streams:
Fixed bug #74216 (Correctly fail on invalid IP address ports).
zlib:
Fixed bug #74240 (deflate_add can allocate too much memory).
Version 7.1.3
16 Mar 2017
Core:
Fixed bug #74157 (Segfault with nested generators).
Fixed bug #74164 (PHP hangs when an invalid value is dynamically passed to typehinted by-ref arg).
Fixed bug #74093 (Maximum execution time of n+2 seconds exceed not written in error_log).
Fixed bug #73989 (PHP 7.1 Segfaults within Symfony test suite).
Fixed bug #74084 (Out of bound read - zend_mm_alloc_small).
Fixed bug #73807 (Performance problem with processing large post request). (CVE-2017-11142)
Fixed bug #73998 (array_key_exists fails on arrays created by get_object_vars).
Fixed bug #73954 (NAN check fails on Alpine Linux with musl).
Fixed bug #73677 (Generating phar.phar core dump with gcc ASAN enabled build).
Apache:
Fixed bug #61471 (Incomplete POST does not timeout but is passed to PHP).
Date:
Fixed bug #73837 ("new DateTime()" sometimes returns 1 second ago value).
FPM:
Fixed bug #69860 (php-fpm process accounting is broken with keepalive).
Hash:
Fixed bug #73127 (gost-crypto hash incorrect if input data contains long 0xFF sequence).
GD:
Fixed bug #74031 (ReflectionFunction for imagepng is missing last two parameters).
Mysqlnd:
Fixed bug #74021 (fetch_array broken data. Data more then MEDIUMBLOB).
Opcache:
Fixed bug #74019 (Segfault with list).
OpenSSL:
Fixed bug #74022 (PHP Fast CGI crashes when reading from a pfx file).
Fixed bug #74099 (Memory leak with openssl_encrypt()).
Standard:
Fixed bug #74005 (mail.add_x_header causes RFC-breaking lone line feed).
Fixed bug #74041 (substr_count with length=0 broken).
Fixed bug #73118 (is_callable callable name reports misleading value for anonymous classes).
Fixed bug #74105 (PHP on Linux should use /dev/urandom when getrandom is not available).
Streams:
Fixed bug #73496 (Invalid memory access in zend_inline_hash_func).
Fixed bug #74090 (stream_get_contents maxlength>-1 returns empty string).
Version 7.1.2
16 Feb 2017
Core:
Improved GENERATOR_CREATE opcode handler.
Fixed bug #73877 (readlink() returns garbage for UTF-8 paths).
Fixed bug #73876 (Crash when exporting **= in expansion of assign op).
Fixed bug #73962 (bug with symlink related to cyrillic directory).
Fixed bug #73969 (segfault in debug_print_backtrace).
Fixed bug #73994 (arginfo incorrect for unpack).
Fixed bug #73973 (assertion error in debug_zval_dump).
DOM:
Fixed bug #54382 (getAttributeNodeNS doesn't get xmlns* attributes).
DTrace:
Fixed bug #73965 (DTrace reported as enabled when disabled).
FCGI:
Fixed bug #73904 (php-cgi fails to load -c specified php.ini file).
Fixed bug #72898 (PHP_FCGI_CHILDREN is not included in phpinfo()).
FPM:
Fixed bug #69865 (php-fpm does not close stderr when using syslog).
GD:
Fixed bug #73968 (Premature failing of XBM reading).
GMP:
Fixed bug #69993 (test for gmp.h needs to test machine includes).
Hash:
Added hash_hkdf() function.
Fixed bug #73961 (environmental build dependency in hash sha3 source).
Intl:
Fixed bug #73956 (Link use CC instead of CXX).
LDAP:
Fixed bug #73933 (error/segfault with ldap_mod_replace and opcache).
MySQLi:
Fixed bug #73949 (leak in mysqli_fetch_object).
Mysqlnd:
Fixed bug #69899 (segfault on close() after free_result() with mysqlnd).
Opcache:
Fixed bug #73983 (crash on finish work with phar in cli + opcache).
OpenSSL:
Fixed bug #71519 (add serial hex to return value array).
Fixed bug #73692 (Compile ext/openssl with openssl 1.1.0 on Win).
Fixed bug #73978 (openssl_decrypt triggers bug in PDO).
PDO_Firebird:
Implemented FR #72583 (All data are fetched as strings).
PDO_PgSQL:
Fixed bug #73959 (lastInsertId fails to throw an exception for wrong sequence name).
Phar:
Fixed bug #70417 (PharData::compress() doesn't close temp file).
posix:
Fixed bug #71219 (configure script incorrectly checks for ttyname_r).
Session:
Fixed bug #69582 (session not readable by root in CLI).
SPL:
Fixed bug #73896 (spl_autoload() crashes when calls magic _call()).
Standard:
Fixed bug #69442 (closing of fd incorrect when PTS enabled).
Fixed bug #47021 (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").
Fixed bug #72974 (imap is undefined service on AIX).
Fixed bug #72979 (money_format stores wrong length AIX).
Fixed bug #73374 (intval() with base 0 should detect binary).
Fixed bug #69061 (mail.log = syslog contains double information).
ZIP:
Fixed bug #70103 (ZipArchive::addGlob ignores remove_all_path option).
Version 7.1.1
19 Jan 2017
Core
Fixed bug #73792 (invalid foreach loop hangs script).
Fixed bug #73686 (Adding settype()ed values to ArrayObject results in references).
Fixed bug #73663 ("Invalid opcode 65/16/8" occurs with a variable created with list()).
Fixed bug #73727 (ZEND_MM_BITSET_LEN is "undefined symbol" in zend_bitset.h).
Fixed bug #73753 (unserialized array pointer not advancing).
Fixed bug #73783 (SIG_IGN doesn't work when Zend Signals is enabled).
Fixed bug #73825 (Heap out of bounds read on unserialize in finish_nested_data()). (CVE-2016-10161)
Fixed bug #73831 (NULL Pointer Dereference while unserialize php object). (CVE-2016-10162)
Fixed bug #73832 (Use of uninitialized memory in unserialize()). (CVE-2017-5340)
Fixed bug #73092 (Unserialize use-after-free when resizing object's properties hash table). (CVE-2016-7479)
CLI
Fixed bug #72555 (CLI output(japanese) on Windows).
COM
Fixed bug #73679 (DOTNET read access violation using invalid codepage).
DOM
Fixed bug #67474 (getElementsByTagNameNS filter on default ns).
EXIF
Fixed bug #73737 (FPE when parsing a tag format). (CVE-2016-10158)
GD
Fixed bug #73869 (Signed Integer Overflow gd_io.c). (CVE-2016-10168)
Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (CVE-2016-10167)
mbstring
Fixed bug #73646 (mb_ereg_search_init null pointer dereference).
MySQLi
Fixed bug #73462 (Persistent connections don't set $connect_errno).
mysqlnd
Optimized handling of BIT fields - less memory copies and lower memory usage.
Fixed bug #73800 (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE).
opcache
Fixed bug #73789 (Strange behavior of class constants in switch/case block).
Fixed bug #73746 (Method that returns string returns UNKNOWN:0 instead).
Fixed bug #73654 (Segmentation fault in zend_call_function).
Fixed bug #73668 ("SIGFPE Arithmetic exception" in opcache when divide by minus 1).
Fixed bug #73847 (Recursion when a variable is redefined as array).
PDO Firebird
Fixed bug #72931 (PDO_FIREBIRD with Firebird 3.0 not work on returning statement).
Phar:
Fixed bug #73773 (Seg fault when loading hostile phar). (CVE-2017-11147)
Fixed bug #73768 (Memory corruption when loading hostile phar). (CVE-2016-10160)
Fixed bug #73764 (Crash while loading hostile phar archive). (CVE-2016-10159)
phpdbg
Fixed bug #73794 (Crash (out of memory) when using run and # command separator).
Fixed bug #73704 (phpdbg shows the wrong line in files with shebang).
SQLite3
Reverted fix for Fixed bug #73530 (Unsetting result set may reset other result set).
Standard
Fixed bug #73594 (dns_get_record does not populate $additional out parameter).
Fixed bug #70213 (Unserialize context shared on double class lookup).
Fixed bug #73154 (serialize object with __sleep function crash).
Fixed bug #70490 (get_browser function is very slow).
Fixed bug #73265 (Loading browscap.ini at startup causes high memory usage).
(add subject to mail log).
Fixed bug #31875 (get_defined_functions additional param to exclude disabled functions).
zlib
Fixed bug #73373 (deflate_add does not verify that output was not truncated).
Version 7.1.0
01 Dec 2016
Core:
Added nullable types.
Added DFA optimization framework based on e-SSA form.
Added specialized opcode handlers (e.g. ZEND_ADD_LONG_NO_OVERFLOW).
Added [] = as alternative construct to list() =.
Added void return type.
Added support for negative string offsets in string offset syntax and various string functions.
Added a form of the list() construct where keys can be specified.
Implemented safe execution timeout handling, that prevents random crashes after "Maximum execution time exceeded" error.
Implemented the RFC `Support Class Constant Visibility`.
Implemented the RFC `Catching multiple exception types`.
Implemented logging to syslog with dynamic error levels.
Implemented FR #72614 (Support "nmake test" on building extensions by phpize).
Implemented RFC: Iterable.
Implemented RFC: Closure::fromCallable (Danack)
Implemented RFC: Replace "Missing argument" warning with "\ArgumentCountError" exception.
Implemented RFC: Fix inconsistent behavior of $this variable.
Fixed bug #73585 (Logging of "Internal Zend error - Missing class information" missing class name).
Fixed memory leak(null coalescing operator with Spl hash).
Fixed bug #72736 (Slow performance when fetching large dataset with mysqli / PDO).
Fixed bug #72978 (Use After Free Vulnerability in unserialize()). (CVE-2016-9936)
Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine overflow).
Fixed bug #72696 (imagefilltoborder stackoverflow on truecolor images). (CVE-2016-9933)
Fixed bug #73350 (Exception::__toString() cause circular references).
Fixed bug #73329 ((Float)"Nano" == NAN).
Fixed bug #73288 (Segfault in __clone > Exception.toString > __get).
Fixed for #73240 (Write out of bounds at number_format).
Fix pthreads detection when cross-compiling (ffontaine)
Fixed bug #73337 (try/catch not working with two exceptions inside a same operation).
Fixed bug #73156 (segfault on undefined function).
Fixed bug #73163 (PHP hangs if error handler throws while accessing undef const in default value).
Fixed bug #73172 (parse error: Invalid numeric literal).
Fixed bug #73181 (parse_str() without a second argument leads to crash).
Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c).
Fixed bug #73058 (crypt broken when salt is 'too' long).
Fixed bug #72944 (Null pointer deref in zval_delref_p).
Fixed bug #72943 (assign_dim on string doesn't reset hval).
Fixed bug #72598 (Reference is lost after array_slice()).
Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by password_verify).
Fixed bug #72813 (Segfault with __get returned by ref).
Fixed bug #72767 (PHP Segfaults when trying to expand an infinite operator).
TypeError messages for arg_info type checks will now say "must be ... or null" where the parameter or return type accepts null.
Fixed bug #72857 (stream_socket_recvfrom read access violation).
Fixed bug #72663 (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization).
Fixed bug #72681 (PHP Session Data Injection Vulnerability).
Fixed bug #72742 (memory allocator fails to realloc small block to large one).
Fixed URL rewriter. It would not rewrite '//example.com/' URL unconditionally. URL rewrite target hosts whitelist is implemented.
Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).
Fixed bug #72683 (getmxrr broken).
Fixed bug #72629 (Caught exception assignment to variables ignores references).
Fixed bug #72594 (Calling an earlier instance of an included anonymous class fatals).
Fixed bug #72581 (previous property undefined in Exception after deserialization).
Fixed bug #72543 (Different references behavior comparing to PHP 5).
Fixed bug #72347 (VERIFY_RETURN type casts visible in finally).
Fixed bug #72216 (Return by reference with finally is not memory safe).
Fixed bug #72215 (Wrong return value if var modified in finally).
Fixed bug #71818 (Memory leak when array altered in destructor).
Fixed bug #71539 (Memory error on $arr[$a] =& $arr[$b] if RHS rehashes).
Added new constant PHP_FD_SETSIZE.
Added optind parameter to getopt().
Added PHP to SAPI error severity mapping for logs.
Fixed bug #71911 (Unable to set --enable-debug on building extensions by phpize on Windows).
Fixed bug #29368 (The destructor is called when an exception is thrown from the constructor).
Implemented RFC: RNG Fixes.
Implemented email validation as per RFC 6531.
Fixed bug #72513 (Stack-based buffer overflow vulnerability in virtual_file_ex).
Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications).
Fixed bug #72523 (dtrace issue with reflection (failed test)).
Fixed bug #72508 (strange references after recursive function call and "switch" statement).
Fixed bug #72441 (Segmentation fault: RFC list_keys).
Fixed bug #72395 (list() regression).
Fixed bug #72373 (TypeError after Generator function w/declared return type finishes).
Fixed bug #69489 (tempnam() should raise notice if falling back to temp dir).
Fixed UTF-8 and long path support on Windows.
Fixed bug #53432 (Assignment via string index access on an empty string converts to array).
Fixed bug #62210 (Exceptions can leak temporary variables).
Fixed bug #62814 (It is possible to stiffen child class members visibility).
Fixed bug #69989 (Generators don't participate in cycle GC).
Fixed bug #70228 (Memleak if return in finally block).
Fixed bug #71266 (Missing separation of properties HT in foreach etc).
Fixed bug #71604 (Aborted Generators continue after nested finally).
Fixed bug #71572 (String offset assignment from an empty string inserts null byte).
Fixed bug #71897 (ASCII 0x7F Delete control character permitted in identifiers).
Fixed bug #72188 (Nested try/finally blocks losing return value).
Fixed bug #72213 (Finally leaks on nested exceptions).
Fixed bug #47517 (php-cgi.exe missing UAC manifest).
Change statement and fcall extension handlers to accept frame.
Number operators taking numeric strings now emit E_NOTICEs or E_WARNINGs when given malformed numeric strings.
(int), intval() where $base is 10 or unspecified, settype(), decbin(), decoct(), dechex(), integer operators and other conversions now always respect scientific notation in numeric strings.
Raise a compile-time warning on octal escape sequence overflow.
Apache2handler:
Enable per-module logging in Apache 2.4+.
BCmath:
Fixed bug #73190 (memcpy negative parameter _bc_new_num_ex).
Bz2:
Fixed bug #72837 (integer overflow in bzdecompress caused heap corruption).
Fixed bug #72613 (Inadequate error handling in bzread()).
Calendar:
Fix integer overflows (Joshua Rogers)
Fixed bug #67976 (cal_days_month() fails for final month of the French calendar).
Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in zif_cal_from_jd).
CLI Server:
Fixed bug #73360 (Unable to work in root with unicode chars).
Fixed bug #71276 (Built-in webserver does not send Date header).
COM:
Fixed bug #73126 (Cannot pass parameter 1 by reference).
Fixed bug #69579 (Invalid free in extension trait).
Fixed bug #72922 (COM called from PHP does not return out parameters).
Fixed bug #72569 (DOTNET/COM array parameters broke in PHP7).
Fixed bug #72498 (variant_date_from_timestamp null dereference).
Curl:
Implement support for handling HTTP/2 Server Push.
Add curl_multi_errno(), curl_share_errno() and curl_share_strerror() functions.
Fixed bug #72674 (Heap overflow in curl_escape).
Fixed bug #72541 (size_t overflow lead to heap corruption). (Stas).
Fixed bug #71709 (curl_setopt segfault with empty CURLOPT_HTTPHEADER).
Fixed bug #71929 (CURLINFO_CERTINFO data parsing error).
Date:
Fixed bug #69587 (DateInterval properties and isset).
Fixed bug #73426 (createFromFormat with 'z' format char results in incorrect time).
Fixed bug #45554 (Inconsistent behavior of the u format char).
Fixed bug #48225 (DateTime parser doesn't set microseconds for "now").
Fixed bug #52514 (microseconds are missing in DateTime class).
Fixed bug #52519 (microseconds in DateInterval are missing).
Fixed bug #60089 (DateTime::createFromFormat() U after u nukes microtime).
Fixed bug #64887 (Allow DateTime modification with subsecond items).
Fixed bug #68506 (General DateTime improvments needed for microseconds to become useful).
Fixed bug #73109 (timelib_meridian doesn't parse dots correctly).
Fixed bug #73247 (DateTime constructor does not initialise microseconds property).
Fixed bug #73147 (Use After Free in PHP7 unserialize()).
Fixed bug #73189 (Memcpy negative size parameter php_resolve_path).
Fixed bug #66836 (DateTime::createFromFormat 'U' with pre 1970 dates fails parsing).
Invalid serialization data for a DateTime or DatePeriod object will now throw an instance of Error from __wakeup() or __set_state() instead of resulting in a fatal error.
Timezone initialization failure from serialized data will now throw an instance of Error from __wakeup() or __set_state() instead of resulting in a fatal error.
Export date_get_interface_ce() for extension use.
Fixed bug #63740 (strtotime seems to use both sunday and monday as start of week).
Dba:
Fixed bug #70825 (Cannot fetch multiple values with group in ini file).
Data modification functions (e.g.: dba_insert()) now throw an instance of Error instead of triggering a catchable fatal error if the key is does not contain exactly two elements.
DOM:
Fixed bug #73150 (missing NULL check in dom_document_save_html).
Fixed bug #66502 (DOM document dangling reference).
Invalid schema or RelaxNG validation contexts will throw an instance of Error instead of resulting in a fatal error.
Attempting to register a node class that does not extend the appropriate base class will now throw an instance of Error instead of resulting in a fatal error.
Attempting to read an invalid or write to a readonly property will throw an instance of Error instead of resulting in a fatal error.
DTrace:
Disabled PHP call tracing by default (it makes significant overhead). This may be enabled again using envirionment variable USE_ZEND_DTRACE=1.
EXIF:
Fixed bug #72735 (Samsung picture thumb not read (zero size)).
Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF).
Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE).
Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment).
Filter:
Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE).
Fixed bug #73054 (default option ignored when object passed to int filter).
Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range).
FPM:
Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).
FTP:
Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with require_ssl_reuse).
Implemented FR #55651 (Option to ignore the returned FTP PASV address).
GD:
Fixed bug #73213 (Integer overflow in imageline() with antialiasing).
Fixed bug #73272 (imagescale() is not affected by, but affects imagesetinterpolation()).
Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()).
Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf).
Fixed bug #50194 (imagettftext broken on transparent background w/o alphablending).
Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c).
Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box).
Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given).
Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries).
Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted files).
Fixed bug #73161 (imagecreatefromgd2() may leak memory).
Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette).
Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor images).
Fixed bug #72913 (imagecopy() loses single-color transparency on palette images).
Fixed bug #68716 (possible resource leaks in _php_image_convert()).
Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles).
Fixed bug #72697 (select_colors write out-of-bounds).
Fixed bug #72730 (imagegammacorrect allows arbitrary write access).
Fixed bug #72596 (imagetypes function won't advertise WEBP support).
Fixed bug #72604 (imagearc() ignores thickness for full arcs).
Fixed bug #70315 (500 Server Error but page is fully rendered).
Fixed bug #43828 (broken transparency of imagearc for truecolor in blendingmode).
Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access).
Fixed bug #72519 (imagegif/output out-of-bounds access).
Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()).
Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine overflow).
Fixed bug #72494 (imagecropauto out-of-bounds access).
Fixed bug #72404 (imagecreatefromjpeg fails on selfie).
Fixed bug #43475 (Thick styled lines have scrambled patterns).
Fixed bug #53640 (XBM images require width to be multiple of 8).
Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line).
Hash:
Added SHA3 fixed mode algorithms (224, 256, 384, and 512 bit).
Added SHA512/256 and SHA512/224 algorithms.
iconv:
Fixed bug #72320 (iconv_substr returns false for empty strings).
IMAP:
Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads to crash).
An email address longer than 16385 bytes will throw an instance of Error instead of resulting in a fatal error.
Interbase:
Fixed bug #73512 (Fails to find firebird headers as don't use fb_config output).
Intl:
Fixed bug #73007 (add locale length check).
Fixed bug #73218 (add mitigation for ICU int overflow).
Fixed bug #65732 (grapheme_*() is not Unicode compliant on CR LF sequence).
Fixed bug #73007 (add locale length check).
Fixed bug #72639 (Segfault when instantiating class that extends IntlCalendar and adds a property).
Fixed bug #72658 (Locale::lookup() / locale_lookup() hangs if no match found).
Partially fixed #72506 (idn_to_ascii for UTS #46 incorrect for long domain names).
Fixed bug #72533 (locale_accept_from_http out-of-bounds access).
Failure to call the parent constructor in a class extending Collator before invoking the parent methods will throw an instance of Error instead of resulting in a recoverable fatal error.
Cloning a Transliterator object may will now throw an instance of Error instead of resulting in a fatal error if cloning the internal transliterator fails.
Added IntlTimeZone::getWindowsID() and IntlTimeZone::getIDForWindowsID().
Fixed bug #69374 (IntlDateFormatter formatObject returns wrong utf8 value).
Fixed bug #69398 (IntlDateFormatter formatObject returns wrong value when time style is NONE).
JSON:
Introduced encoder struct instead of global which fixes bugs #66025 and #73254 related to pretty print indentation.
Fixed bug #73113 (Segfault with throwing JsonSerializable).
Implemented earlier return when json_encode fails, fixes bugs #68992 (Stacking exceptions thrown by JsonSerializable) and #70275 (On recursion error, json_encode can eat up all system memory).
Implemented FR #46600 ("_empty_" key in objects).
Exported JSON parser API including json_parser_method that can be used for implementing custom logic when parsing JSON.
Escaped U+2028 and U+2029 when JSON_UNESCAPED_UNICODE is supplied as json_encode options and added JSON_UNESCAPED_LINE_TERMINATORS to restore the previous behaviour.
LDAP:
Providing an unknown modification type to ldap_batch_modify() will now throw an instance of Error instead of resulting in a fatal error.
Mbstring:
Fixed bug #73532 (Null pointer dereference in mb_eregi).
Fixed bug #66964 (mb_convert_variables() cannot detect recursion).
Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset).
Fixed bug #66797 (mb_substr only takes 32-bit signed integer).
Fixed bug #72711 (`mb_ereg` does not clear the `$regs` parameter on failure).
Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width).
Fixed bug #72693 (mb_ereg_search increments search position when a match zero-width).
Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last position).
Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).
Deprecated mb_ereg_replace() eval option.
Fixed bug #69151 (mb_ereg should reject ill-formed byte sequence).
Fixed bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access).
Fixed bug #72399 (Use-After-Free in MBString (search_re)).
mb_ereg() and mb_eregi() will now throw an instance of ParseError if an invalid PHP expression is provided and the 'e' option is used.
Mcrypt:
Deprecated ext/mcrypt.
Fixed bug #72782 (Heap Overflow due to integer overflows).
Fixed bug #72551 , bug #72552 (In correct casting from size_t to int lead to heap overflow in mdecrypt_generic).
mcrypt_encrypt() and mcrypt_decrypt() will throw an instance of Error instead of resulting in a fatal error if mcrypt cannot be initialized.
Mysqli:
Attempting to read an invalid or write to a readonly property will throw an instance of Error instead of resulting in a fatal error.
Mysqlnd:
Fixed bug #64526 (Add missing mysqlnd.* parameters to php.ini-*).
Fixed bug #71863 (Segfault when EXPLAIN with "Unknown column" error when using MariaDB).
Fixed bug #72701 (mysqli_get_host_info() wrong output).
OCI8:
Fixed bug #71148 (Bind reference overwritten on PHP 7).
Fixed invalid handle error with Implicit Result Sets.
Fixed bug #72524 (Binding null values triggers ORA-24816 error).
ODBC:
Fixed bug #73448 (odbc_errormsg returns trash, always 513 bytes).
Opcache:
Fixed bug #73583 (Segfaults when conditionally declared class and function have the same name).
Fixed bug #69090 (check cached files permissions)
Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp() function).
Fixed bug #72949 (Typo in opcache error message).
Fixed bug #72762 (Infinite loop while parsing a file with opcache enabled).
Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
OpenSSL:
Fixed bug #73478 (openssl_pkey_new() generates wrong pub/priv keys with Diffie Hellman).
Fixed bug #73276 (crash in openssl_random_pseudo_bytes function).
Fixed bug #73072 (Invalid path SNI_server_certs causes segfault).
Fixed bug #72360 (ext/openssl build failure with OpenSSL 1.1.0).
Bumped a minimal version to 1.0.1.
Dropped support for SSL2.
Implemented FR #61204 (Add elliptic curve support for OpenSSL).
Implemented FR #67304 (Added AEAD support [CCM and GCM modes] to openssl_encrypt and openssl_decrypt).
Implemented error storing to the global queue and cleaning up the OpenSSL error queue (resolves bugs #68276 and #69882 ).
Pcntl:
Implemented asynchronous signal handling without TICKS.
Added pcntl_signal_get_handler() that returns the current signal handler for a particular signal. Addresses FR #72409 .
Add siginfo to pcntl_signal() handler args (Bishop Bettini, David Walker)
PCRE:
Fixed bug #73483 (Segmentation fault on pcre_replace_callback).
Fixed bug #73612 (preg_*() may leak memory).
Fixed bug #73392 (A use-after-free in zend allocator management).
Fixed bug #73121 (Bundled PCRE doesn't compile because JIT isn't supported on s390).
Fixed bug #72688 (preg_match missing group names in matches).
Downgraded to PCRE 8.38.
Fixed bug #72476 (Memleak in jit_stack).
Fixed bug #72463 (mail fails with invalid argument).
Upgraded to PCRE 8.39.
PDO:
Fixed bug #72788 (Invalid memory access when using persistent PDO connection).
Fixed bug #72791 (Memory leak in PDO persistent connection handling).
Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY returns false).
PDO_DBlib:
Fixed bug #72414 (Never quote values as raw binary data).
Allow \PDO::setAttribute() to set query timeouts.
Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions.
Add common PDO test suite.
Free error and message strings when cleaning up PDO instances.
Fixed bug #67130 (\PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched).
Ignore potentially misleading dberr values.
Implemented stringify 'uniqueidentifier' fields.
PDO_Firebird:
Fixed bug #73087 , #61183 , #71494 (Memory corruption in bindParam).
Fixed bug #60052 (Integer returned as a 64bit integer on X86_64).
PDO_pgsql:
Fixed bug #70313 (PDO statement fails to throw exception).
Fixed bug #72570 (Segmentation fault when binding parameters on a query without placeholders).
Implemented FR #72633 (Postgres PDO lastInsertId() should work without specifying a sequence).
Phar:
Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile).
Fixed bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile).
phpdbg:
Added generator command for inspection of currently alive generators.
Postgres:
Fixed bug #73498 (Incorrect SQL generated for pg_copy_to()).
Implemented FR #31021 (pg_last_notice() is needed to get all notice messages).
Implemented FR #48532 (Allow pg_fetch_all() to index numerically).
Readline:
Fixed bug #72538 (readline_redisplay crashes php).
Reflection:
Undo backwards compatiblity break in ReflectionType->__toString() and deprecate via documentation instead.
Reverted prepending \ for class names.
Implemented FR #38992 (invoke() and invokeArgs() static method calls should match). (cmb).
Add ReflectionNamedType::getName(). This method should be used instead of ReflectionType::__toString()
Prepend \ for class names and ? for nullable types returned from ReflectionType::__toString().
Fixed bug #72661 (ReflectionType::__toString crashes with iterable).
Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).
Failure to retrieve a reflection object or retrieve an object property will now throw an instance of Error instead of resulting in a fatal error.
Fixed bug #72209 (ReflectionProperty::getValue() doesn't fail if object doesn't match type).
Session:
Fixed bug #73273 (session_unset() empties values from all variables in which is $_session stored).
Fixed bug #73100 (session_destroy null dereference in ps_files_path_create).
Fixed bug #68015 (Session does not report invalid uid for files save handler).
Fixed bug #72940 (SID always return "name=ID", even if session cookie exist).
Implemented session_gc() (Yasuo) https://wiki.php.net/rfc/session-create-id
Implemented session_create_id() (Yasuo) https://wiki.php.net/rfc/session-gc
Implemented RFC: Session ID without hashing. (Yasuo) https://wiki.php.net/rfc/session-id-without-hashing
Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow).
Custom session handlers that do not return strings for session IDs will now throw an instance of Error instead of resulting in a fatal error when a function is called that must generate a session ID.
An invalid setting for session.hash_function will throw an instance of Error instead of resulting in a fatal error when a session ID is created.
Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session Deserialization).
Improved fix for bug #68063 (Empty session IDs do still start sessions).
Fixed bug #71038 (session_start() returns TRUE on failure). Session save handlers must return 'string' always for successful read. i.e. Non-existing session read must return empty string. PHP 7.0 is made not to tolerate buggy return value.
Fixed bug #71394 (session_regenerate_id() must close opened session on errors).
SimpleXML:
Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()).
Fixed bug #72971 (SimpleXML isset/unset do not respect namespace).
Fixed bug #72957 (Null coalescing operator doesn't behave as expected with SimpleXMLElement).
Fixed bug #72588 (Using global var doesn't work while accessing SimpleXML element).
Creating an unnamed or duplicate attribute will throw an instance of Error instead of resulting in a fatal error.
SNMP:
Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory allocation).
Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()).
Soap:
Fixed bug #73538 (SoapClient::__setSoapHeaders doesn't overwrite SOAP headers).
Fixed bug #73452 (Segfault (Regression for #69152 )).
Fixed bug #73037 (SoapServer reports Bad Request when gzipped).
Fixed bug #73237 (Nested object in "any" element overwrites other fields).
Fixed bug #69137 (Peer verification fails when using a proxy with SoapClient).
Fixed bug #71711 (Soap Server Member variables reference bug).
Fixed bug #71996 (Using references in arrays doesn't work like expected).
SPL:
Fixed bug #73423 (Reproducible crash with GDB backtrace).
Fixed bug #72888 (Segfault on clone on splFileObject).
Fixed bug #73029 (Missing type check when unserializing SplArray).
Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape character).
Fixed bug #72684 (AppendIterator segfault with closed generator).
Attempting to clone an SplDirectory object will throw an instance of Error instead of resulting in a fatal error.
Calling ArrayIterator::append() when iterating over an object will throw an instance of Error instead of resulting in a fatal error.
Fixed bug #55701 (GlobIterator throws LogicException).
SQLite3:
Update to SQLite 3.15.1.
Fixed bug #73530 (Unsetting result set may reset other result set).
Fixed bug #73333 (2147483647 is fetched as string).
Fixed bug #72668 (Spurious warning when exception is thrown in user defined function).
Implemented FR #72653 (SQLite should allow opening with empty filename).
Fixed bug #70628 (Clearing bindings on an SQLite3 statement doesn't work).
Implemented FR #71159 (Upgraded bundled SQLite lib to 3.9.2).
Standard:
Fixed bug #73297 (HTTP stream wrapper should ignore HTTP 100 Continue).
Fixed bug #73303 (Scope not inherited by eval in assert()).
Fixed bug #73192 (parse_url return wrong hostname).
Fixed bug #73203 (passing additional_parameters causes mail to fail).
Fixed bug #73203 (passing additional_parameters causes mail to fail).
Fixed bug #72920 (Accessing a private constant using constant() creates an exception AND warning).
Fixed bug #65550 (get_browser() incorrectly parses entries with "+" sign).
Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory).
Fixed bug #55451 (substr_compare NULL length interpreted as 0).
Fixed bug #72278 (getimagesize returning FALSE on valid jpg).
Fixed bug #61967 (unset array item in array_walk_recursive cause inconsistent array).
Fixed bug #62607 (array_walk_recursive move internal pointer).
Fixed bug #69068 (Exchanging array during array_walk -> memory errors).
Fixed bug #70713 (Use After Free Vulnerability in array_walk()/ array_walk_recursive()).
Fixed bug #72622 (array_walk + array_replace_recursive create references from nothing).
Fixed bug #72330 (CSV fields incorrectly split if escape char followed by UTF chars).
Implemented RFC: More precise float values.
array_multisort now uses zend_sort instead zend_qsort.
Fixed bug #72505 (readfile() mangles files larger than 2G).
assert() will throw a ParseError when evaluating a string given as the first argument if the PHP code is invalid instead of resulting in a catchable fatal error.
Calling forward_static_call() outside of a class scope will now throw an instance of Error instead of resulting in a fatal error.
Added is_iterable() function.
Fixed bug #72306 (Heap overflow through proc_open and $env parameter).
Fixed bug #71100 (long2ip() doesn't accept integers in strict mode).
Implemented FR #55716 (Add an option to pass a custom stream context to get_headers()).
Additional validation for parse_url() for login/pass components).
Implemented FR #69359 (Provide a way to fetch the current environment variables).
unpack() function accepts an additional optional argument $offset.
Implemented FR #51879 stream context socket option tcp_nodelay (Joe)
Streams:
Fixed bug #73586 (php_user_filter::$stream is not set to the stream the filter is working on).
Fixed bug #72853 (stream_set_blocking doesn't work).
Fixed bug #72743 (Out-of-bound read in php_stream_filter_create).
Implemented FR #27814 (Multiple small packets send for HTTP request).
Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails with IIS FTP 7.5, 8.5).
Fixed bug #72810 (Missing SKIP_ONLINE_TESTS checks).
Fixed bug #41021 (Problems with the ftps wrapper).
Fixed bug #54431 (opendir() does not work with ftps:// wrapper).
Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for non-existent directories).
Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade attack).
Fixed bug #72534 (stream_socket_get_name crashes).
Fixed bug #72439 (Stream socket with remote address leads to a segmentation fault).
sysvshm:
Fixed bug #72858 (shm_attach null dereference).
Tidy:
Implemented support for libtidy 5.0.0 and above.
Creating a tidyNode manually will now throw an instance of Error instead of resulting in a fatal error.
Wddx:
Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet Deserialization with PDORow). (CVE-2016-9934)
Fixed bug #72142 (WDDX Packet Injection Vulnerability in wddx_serialize_value()).
Fixed bug #72749 (wddx_deserialize allows illegal memory access).
Fixed bug #72750 (wddx_deserialize null dereference).
Fixed bug #72790 (wddx_deserialize null dereference with invalid xml).
Fixed bug #72799 (wddx_deserialize null dereference in php_wddx_pop_element).
Fixed bug #72860 (wddx_deserialize use-after-free).
Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element).
Fixed bug #72564 (boolean always deserialized as "true").
A circular reference when serializing will now throw an instance of Error instead of resulting in a fatal error.
XML:
Fixed bug #72135 (malformed XML causes fault).
Fixed bug #72714 (_xml_startElementHandler() segmentation fault).
Fixed bug #72085 (SEGV on unknown address zif_xml_parse).
XMLRPC:
Fixed bug #72647 (xmlrpc_encode() unexpected output after referencing array elements).
Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c).
A circular reference when serializing will now throw an instance of Error instead of resulting in a fatal error.
Zip:
Fixed bug #68302 (impossible to compile php with zip support).
Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd).
Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener).
ZipArchive::addGlob() will throw an instance of Error instead of resulting in a fatal error if glob support is not available.
Version 7.0.33
06 Dec 2018
Core:
Fixed bug #77231 (Segfault when using convert.quoted-printable-encode filter).
IMAP:
Fixed bug #77020 (null pointer dereference in imap_mail).
Fixed bug #77153 (imap_open allows to run arbitrary shell commands via mailbox parameter). (CVE-2018-19518)
Phar:
Fixed bug #77022 (PharData always creates new files with mode 0666).
Fixed bug #77143 (Heap Buffer Overflow (READ: 4) in phar_parse_pharfile). (CVE-2018-20783)
Version 7.0.32
13 Sep 2018
Apache2:
Fixed bug #76582 (XSS due to the header Transfer-Encoding: chunked). (CVE-2018-17082)
Version 7.0.31
19 Jul 2018
Exif:
Fixed bug #76423 (Int Overflow lead to Heap OverFlow in exif_thumbnail_extract of exif.c). (CVE-2018-14883)
Fixed bug #76557 (heap-buffer-overflow (READ of size 48) while reading exif data). (CVE-2018-14851)
Win32:
Fixed bug #76459 (windows linkinfo lacks openbasedir check). (CVE-2018-15132)
Version 7.0.30
26 Apr 2018
Exif:
Fixed bug #76130 (Heap Buffer Overflow (READ: 1786) in exif_iif_add_value). (CVE-2018-10549)
iconv:
Fixed bug #76249 (stream filter convert.iconv leads to infinite loop on invalid sequence). (CVE-2018-10546)
LDAP:
Fixed bug #76248 (Malicious LDAP-Server Response causes Crash). (CVE-2018-10548)
Phar:
Fixed bug #76129 (fix for CVE-2018-5712 may not be complete). (CVE-2018-10547)
Version 7.0.29
29 Mar 2018
FPM:
Fixed bug #75605 (Dumpable FPM child processes allow bypassing opcache access controls). (CVE-2018-10545)
Version 7.0.28
01 Mar 2018
Standard:
Fixed bug #75981 (stack-buffer-overflow while parsing HTTP response). (CVE-2018-7584)
Version 7.0.27
04 Jan 2018
CLI Server:
Fixed bug #60471 (Random "Invalid request (unexpected EOF)" using a router script).
Core:
Fixed bug #75384 (PHP seems incompatible with OneDrive files on demand).
Fixed bug #75573 (Segmentation fault in 7.1.12 and 7.0.26).
FPM:
Fixed bug #64938 (libxml_disable_entity_loader setting is shared between requests).
GD:
Fixed bug #75571 (Potential infinite loop in gdImageCreateFromGifCtx). (CVE-2018-5711)
Opcache:
Fixed bug #75579 (Interned strings buffer overflow may cause crash).
PCRE:
Fixed bug #74183 (preg_last_error not returning error code after error).
Phar:
Fixed bug #74782 (Reflected XSS in .phar 404 page). (CVE-2018-5712)
Standard:
Fixed bug #75535 (Inappropriately parsing HTTP response leads to PHP segment fault). (CVE-2018-14884)
Fixed bug #75409 (accept EFAULT in addition to ENOSYS as indicator that getrandom() is missing).
Zip:
Fixed bug #75540 (Segfault with libzip 1.3.1).
Version 7.0.26
23 Nov 2017
Core:
Fixed bug #75420 (Crash when modifing property name in __isset for BP_VAR_IS).
Fixed bug #75368 (mmap/munmap trashing on unlucky allocations).
CLI:
Fixed bug #75287 (Builtin webserver crash after chdir in a shutdown function).
Enchant:
Fixed bug #53070 (enchant_broker_get_path crashes if no path is set).
Fixed bug #75365 (Enchant still reports version 1.1.0).
Exif:
Fixed bug #75301 (Exif extension has built in revision version).
GD:
Fixed bug #65148 (imagerotate may alter image dimensions).
Fixed bug #75437 (Wrong reflection on imagewebp).
intl:
Fixed bug #75317 (UConverter::setDestinationEncoding changes source instead of destination).
interbase:
Fixed bug #75453 (Incorrect reflection for ibase_[p]connect).
Mysqli:
Fixed bug #75434 (Wrong reflection for mysqli_fetch_all function).
OCI8:
Opcache:
Fixed bug #75373 (Warning Internal error: wrong size calculation).
OpenSSL:
Fixed bug #75363 (openssl_x509_parse leaks memory).
Fixed bug #75307 (Wrong reflection for openssl_open function).
PGSQL:
Fixed bug #75419 (Default link incorrectly cleared/linked by pg_close()).
SOAP:
Fixed bug #75464 (Wrong reflection on SoapClient::__setSoapHeaders).
Zlib:
Fixed bug #75299 (Wrong reflection on inflate_init and inflate_add).
Version 7.0.25
26 Oct 2017
Core:
Fixed bug #75241 (Null pointer dereference in zend_mm_alloc_small()).
Fixed bug #75236 (infinite loop when printing an error-message).
Fixed bug #75252 (Incorrect token formatting on two parse errors in one request).
Fixed bug #75220 (Segfault when calling is_callable on parent).
Fixed bug #75290 (debug info of Closures of internal functions contain garbage argument names).
Apache2Handler:
Fixed bug #75311 (error: 'zend_hash_key' has no member named 'arKey' in apache2handler).
Date:
Fixed bug #75055 (Out-Of-Bounds Read in timelib_meridian()). (CVE-2017-16642)
Intl:
Fixed bug #75318 (The parameter of UConverter::getAliases() is not optional).
mcrypt:
Fixed bug #72535 (arcfour encryption stream filter crashes php).
OCI8:
Fixed incorrect reference counting.
PCRE:
Fixed bug #75207 (applied upstream patch for CVE-2016-1283).
litespeed:
Fixed bug #75248 (Binary directory doesn't get created when building only litespeed SAPI).
Fixed bug #75251 (Missing program prefix and suffix).
SPL:
Fixed bug #73629 (SplDoublyLinkedList::setIteratorMode masks intern flags).
Version 7.0.24
28 Sep 2017
Core:
Fixed bug #75042 (run-tests.php issues with EXTENSION block).
BCMath:
Fixed bug #44995 (bcpowmod() fails if scale != 0).
Fixed bug #46781 (BC math handles minus zero incorrectly).
Fixed bug #54598 (bcpowmod() may return 1 if modulus is 1).
Fixed bug #75178 (bcpowmod() misbehaves for non-integer base or modulus).
CLI server:
Fixed bug #70470 (Built-in server truncates headers spanning over TCP packets).
CURL:
Fixed bug #75093 (OpenSSL support not detected).
GD:
Fixed bug #75124 (gdImageGrayScale() may produce colors).
Fixed bug #75139 (libgd/gd_interpolation.c:1786: suspicious if ?).
Gettext:
Fixed bug #73730 (textdomain(null) throws in strict mode).
Intl:
Fixed bug #75090 (IntlGregorianCalendar doesn't have constants from parent class).
PDO_OCI:
Fixed bug #74631 (PDO_PCO with PHP-FPM: OCI environment initialized before PHP-FPM sets it up).
SPL:
Fixed bug #75173 (incorrect behavior of AppendIterator::append in foreach loop).
Standard:
Fixed bug #75097 (gethostname fails if your host name is 64 chars long).
Version 7.0.23
31 Aug 2017
Core:
Fixed bug #74947 (Segfault in scanner on INF number).
Fixed bug #74954 (null deref and segfault in zend_generator_resume()).
Fixed bug #74725 (html_errors=1 breaks unhandled exceptions).
Fixed bug #75349 (NAN comparison).
cURL:
Fixed bug #74125 (Fixed finding CURL on systems with multiarch support).
Date:
Fixed bug #75002 (Null Pointer Dereference in timelib_time_clone).
Intl:
Fixed bug #74993 (Wrong reflection on some locale_* functions).
Mbstring:
Fixed bug #71606 (Segmentation fault mb_strcut with HTML-ENTITIES encoding).
Fixed bug #62934 (mb_convert_kana() does not convert iteration marks).
Fixed bug #75001 (Wrong reflection on mb_eregi_replace).
MySQLi:
Fixed bug #74968 (PHP crashes when calling mysqli_result::fetch_object with an abstract class).
OCI8:
Expose oci_unregister_taf_callback() (Tianfang Yang)
phar:
Fixed bug #74991 (include_path has a 4096 char limit in some cases).
Reflection:
Fixed bug #74949 (null pointer dereference in _function_string).
Session:
Fixed bug #74833 (SID constant created with wrong module number).
SimpleXML:
Fixed bug #74950 (nullpointer deref in simplexml_element_getDocNamespaces).
SPL:
Fixed bug #75049 (spl_autoload_unregister can't handle spl_autoload_functions results).
Fixed bug #74669 (Unserialize ArrayIterator broken).
Fixed bug #75015 (Crash in recursive iterator destructors).
Standard:
Fixed bug #75075 (unpack with X* causes infinity loop).
Fixed bug #74103 (heap-use-after-free when unserializing invalid array size). (CVE-2017-12932)
Fixed bug #75054 (A Denial of Service Vulnerability was found when performing deserialization).
WDDX:
Fixed bug #73793 (WDDX uses wrong decimal seperator).
XMLRPC:
Fixed bug #74975 (Incorrect xmlrpc serialization for classes with declared properties).
Version 7.0.22
03 Aug 2017
Core:
Fixed bug #74832 (Loading PHP extension with already registered function name leads to a crash).
Fixed bug #74780 (parse_url() borken when query string contains colon).
Fixed bug #74761 (Unary operator expected error on some systems).
Fixed bug #73900 (Use After Free in unserialize() SplFixedArray).
Fixed bug #74913 (fixed incorrect poll.h include).
Fixed bug #74906 (fixed incorrect errno.h include).
Date:
Fixed bug #74852 (property_exists returns true on unknown DateInterval property).
OCI8:
Fixed bug #74625 (Integer overflow in oci_bind_array_by_name).
Opcache:
Fixed bug #74840 (Opcache overwrites argument of GENERATOR_RETURN within finally).
PDO:
Fixed bug #69356 (PDOStatement::debugDumpParams() truncates query).
SPL:
Fixed bug #73471 (PHP freezes with AppendIterator).
SQLite3:
Fixed bug #74883 (SQLite3::__construct() produces "out of memory" exception with invalid flags).
Wddx:
Fixed bug #73173 (huge memleak when wddx_unserialize).
Fixed bug #74145 (wddx parsing empty boolean tag leads to SIGSEGV). (CVE-2017-11143)
zlib:
Fixed bug #73944 (dictionary option of inflate_init() does not work).
Version 7.0.21
06 Jul 2017
Core:
Fixed bug #74738 (Multiple [PATH=] and [HOST=] sections not properly parsed).
Fixed bug #74658 (Undefined constants in array properties result in broken properties).
Fixed misparsing of abstract unix domain socket names.
Fixed bug #74101 (Unserialize Heap Use-After-Free (READ: 1) in zval_get_type). (CVE-2017-12934)
Fixed bug #74111 (Heap buffer overread (READ: 1) finish_nested_data from unserialize). (CVE-2017-12933)
Fixed bug #74603 (PHP INI Parsing Stack Buffer Overflow Vulnerability). (CVE-2017-11628)
Fixed bug #74819 (wddx_deserialize() heap out-of-bound read via php_parse_date()). (CVE-2017-11145)
DOM:
Fixed bug #69373 (References to deleted XPath query results).
GD:
Fixed bug #74435 (Buffer over-read into uninitialized memory). (CVE-2017-7890)
Intl:
Fixed bug #73473 (Stack Buffer Overflow in msgfmt_parse_message). (CVE-2017-11362)
Fixed bug #74705 (Wrong reflection on Collator::getSortKey and collator_get_sort_key).
Fixed bug #73634 (grapheme_strpos illegal memory access).
Mbstring:
Add oniguruma upstream fix (CVE-2017-9224, CVE-2017-9226, CVE-2017-9227, CVE-2017-9228, CVE-2017-9229)
OCI8:
Opcache:
Fixed bug #74663 (Segfault with opcache.memory_protect and validate_timestamp).
OpenSSL:
Fixed bug #74651 (negative-size-param (-1) in memcpy in zif_openssl_seal()). (CVE-2017-11144)
PCRE:
Fixed bug #74087 (Segmentation fault in PHP7.1.1(compiled using the bundled PCRE library)).
PDO_OCI:
Support Instant Client 12.2 in --with-pdo-oci configure option.
Reflection:
Fixed bug #74673 (Segfault when cast Reflection object to string with undefined constant).
SPL:
Fixed bug #74478 (null coalescing operator failing with SplFixedArray).
Standard:
Fixed bug #74708 (Invalid Reflection signatures for random_bytes and random_int).
Fixed bug #73648 (Heap buffer overflow in substr).
FTP:
Fixed bug #74598 (ftp:// wrapper ignores context arg).
PHAR:
Fixed bug #74386 (Phar::__construct reflection incorrect).
SOAP:
Fixed bug #74679 (Incorrect conversion array with WSDL_CACHE_MEMORY).
Streams:
Fixed bug #74556 (stream_socket_get_name() returns '\0').
Version 7.0.20
08 Jun 2017
Core:
Fixed bug #74600 (crash (SIGSEGV) in _zend_hash_add_or_update_i).
Fixed bug #74546 (SIGILL in ZEND_FETCH_CLASS_CONSTANT_SPEC_CONST_CONST).
intl:
Fixed bug #74468 (wrong reflection on Collator::sortWithSortKeys).
MySQLi:
Fixed bug #74547 (mysqli::change_user() doesn't accept null as $database argument w/strict_types).
Opcache:
Fixed bug #74596 (SIGSEGV with opcache.revalidate_path enabled).
phar:
Fixed bug #51918 (Phar::webPhar() does not handle requests sent through PUT and DELETE method).
Standard:
Fixed bug #74510 (win32/sendmail.c anchors CC header but not BCC).
xmlreader:
Fixed bug #74457 (Wrong reflection on XMLReader::expand).
Version 7.0.19
11 May 2017
Core:
Fixed bug #74188 (Null coalescing operator fails for undeclared static class properties).
Fixed bug #74408 (Endless loop bypassing execution time limit).
Fixed bug #74410 (stream_select() is broken on Windows Nanoserver).
Fixed bug #74337 (php-cgi.exe crash on facebook callback).
Patch for bug #74216 was reverted.
Date:
Fixed bug #74404 (Wrong reflection on DateTimeZone::getTransitions).
Fixed bug #74080 (add constant for RFC7231 format datetime).
DOM:
Fixed bug #74416 (Wrong reflection on DOMNode::cloneNode).
Fileinfo:
Fixed bug #74379 (syntax error compile error in libmagic/apprentice.c).
GD:
Fixed bug #74343 (compile fails on solaris 11 with system gd2 library).
intl:
Fixed bug #74433 (wrong reflection for Normalizer methods).
Fixed bug #74439 (wrong reflection for Locale methods).
MySQLi:
Fixed bug #74432 (mysqli_connect adding ":3306" to $host if $port parameter not given).
MySQLnd:
Added support for MySQL 8.0 types.
Fixed bug #74376 (Invalid free of persistent results on error/connection loss).
OpenSSL:
Fixed bug #73833 (null character not allowed in openssl_pkey_get_private).
Fixed bug #73711 (Segfault in openssl_pkey_new when generating DSA or DH key).
Fixed bug #74341 (openssl_x509_parse fails to parse ASN.1 UTCTime without seconds).
Added OpenSSL 1.1.0 support.
phar:
Fixed bug #74383 (phar method parameters reflection correction).
Standard:
Fixed bug #74409 (Reflection information for ini_get_all() is incomplete).
Fixed bug #72071 (setcookie allows max-age to be negative).
Streams:
Fixed bug #74429 (Remote socket URI with unique persistence identifier broken).
SQLite3:
Fixed bug #74413 (incorrect reflection for SQLite3::enableExceptions).
Version 7.0.18
13 Apr 2017
Core:
Fixed bug #73370 (falsely exits with "Out of Memory" when using USE_ZEND_ALLOC=0).
Fixed bug #73960 (Leak with instance method calling static method with referenced return).
Fixed bug #74265 (Build problems after 7.0.17 release: undefined reference to `isfinite').
Fixed bug #74302 (yield fromLABEL is over-greedy).
Apache:
Date:
Fixed bug #72096 (Swatch time value incorrect for dates before 1970).
DOM:
Fixed bug #74004 (LIBXML_NOWARNING flag ingnored on loadHTML*).
iconv:
Fixed bug #74230 (iconv fails to fail on surrogates).
OpenSSL:
Fixed bug #72333 (fwrite() on non-blocking SSL sockets doesn't work).
PDO MySQL:
Fixed bug #71003 (Expose MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT to PDO interface).
Streams:
Fixed bug #74216 (Correctly fail on invalid IP address ports).
Zlib:
Fixed bug #74240 (deflate_add can allocate too much memory).
Version 7.0.17
16 Mar 2017
Core:
Fixed bug #73989 (PHP 7.1 Segfaults within Symfony test suite).
Fixed bug #74084 (Out of bound read - zend_mm_alloc_small).
Fixed bug #73807 (Performance problem with processing large post request). (CVE-2017-11142)
Fixed bug #73998 (array_key_exists fails on arrays created by get_object_vars).
Fixed bug #73954 (NAN check fails on Alpine Linux with musl).
Fixed bug #74039 (is_infinite(-INF) returns false).
Fixed bug #73677 (Generating phar.phar core dump with gcc ASAN enabled build).
Apache:
Fixed bug #61471 (Incomplete POST does not timeout but is passed to PHP).
Date:
Fixed bug #72719 (Relative datetime format ignores weekday on sundays only).
Fixed bug #73294 (DateTime wrong when date string is negative).
Fixed bug #73489 (wrong timestamp when call setTimeZone multi times with UTC offset).
Fixed bug #73858 (first/last day of' flag is not being reset).
Fixed bug #73942 ($date->modify('Friday this week') doesn't return a Friday if $date is a Sunday).
Fixed bug #74057 (wrong day when using "this week" in strtotime).
FPM:
Fixed bug #69860 (php-fpm process accounting is broken with keepalive).
Hash:
Fixed bug #73127 (gost-crypto hash incorrect if input data contains long 0xFF sequence).
GD:
Fixed bug #74031 (ReflectionFunction for imagepng is missing last two parameters).
Mysqlnd:
Fixed bug #74021 (fetch_array broken data. Data more then MEDIUMBLOB).
Opcache:
Fixed bug #74152 (if statement says true to a null variable).
Fixed bug #74019 (Segfault with list).
OpenSSL:
Fixed bug #74022 (PHP Fast CGI crashes when reading from a pfx file).
Standard:
Fixed bug #74148 (ReflectionFunction incorrectly reports the number of arguments).
Fixed bug #74005 (mail.add_x_header causes RFC-breaking lone line feed).
Fixed bug #73118 (is_callable callable name reports misleading value for anonymous classes).
Fixed bug #74105 (PHP on Linux should use /dev/urandom when getrandom is not available).
Streams:
Fixed bug #73496 (Invalid memory access in zend_inline_hash_func).
Fixed bug #74090 (stream_get_contents maxlength>-1 returns empty string).
Version 7.0.16
16 Feb 2017
Core:
Fixed bug #73916 (zend_print_flat_zval_r doesn't consider reference).
Fixed bug #73876 (Crash when exporting **= in expansion of assign op).
Fixed bug #73969 (segfault in debug_print_backtrace).
Fixed bug #73973 (assertion error in debug_zval_dump).
DOM:
Fixed bug #54382 (getAttributeNodeNS doesn't get xmlns* attributes).
DTrace:
Fixed bug #73965 (DTrace reported as enabled when disabled).
FPM:
Fixed bug #67583 (double fastcgi_end_request on max_children limit).
Fixed bug #69865 (php-fpm does not close stderr when using syslog).
GD:
Fixed bug #73968 (Premature failing of XBM reading).
GMP:
Fixed bug #69993 (test for gmp.h needs to test machine includes).
Intl:
Fixed bug #73956 (Link use CC instead of CXX).
LDAP:
Fixed bug #73933 (error/segfault with ldap_mod_replace and opcache).
MySQLi:
Fixed bug #73949 (leak in mysqli_fetch_object).
Mysqlnd:
Fixed bug #69899 (segfault on close() after free_result() with mysqlnd).
Opcache:
Fixed bug #73983 (crash on finish work with phar in cli + opcache).
OpenSSL:
Fixed bug #71519 (add serial hex to return value array).
PDO_Firebird:
Implemented FR #72583 (All data are fetched as strings).
PDO_PgSQL:
Fixed bug #73959 (lastInsertId fails to throw an exception for wrong sequence name).
Phar:
Fixed bug #70417 (PharData::compress() doesn't close temp file).
posix:
Fixed bug #71219 (configure script incorrectly checks for ttyname_r).
Session:
Fixed bug #69582 (session not readable by root in CLI).
SPL:
Fixed bug #73896 (spl_autoload() crashes when calls magic _call()).
Standard:
Fixed bug #69442 (closing of fd incorrect when PTS enabled).
Fixed bug #47021 (SoapClient stumbles over WSDL delivered with "Transfer-Encoding: chunked").
Fixed bug #72974 (imap is undefined service on AIX).
Fixed bug #72979 (money_format stores wrong length AIX).
ZIP:
Fixed bug #70103 (ZipArchive::addGlob ignores remove_all_path option).
Version 7.0.15
19 Jan 2017
Core:
Fixed bug #73792 (invalid foreach loop hangs script).
Fixed bug #73663 ("Invalid opcode 65/16/8" occurs with a variable created with list()).
Fixed bug #73585 (Logging of "Internal Zend error - Missing class information" missing class name).
Fixed bug #73753 (unserialized array pointer not advancing).
Fixed bug #73825 (Heap out of bounds read on unserialize in finish_nested_data()). (CVE-2016-10161)
Fixed bug #73831 (NULL Pointer Dereference while unserialize php object). (CVE-2016-10162)
Fixed bug #73832 (Use of uninitialized memory in unserialize()). (CVE-2017-5340)
Fixed bug #73092 (Unserialize use-after-free when resizing object's properties hash table). (CVE-2016-7479)
Fixed bug #69425 (Use After Free in unserialize()).
Fixed bug #72731 (Type Confusion in Object Deserialization).
COM:
Fixed bug #73679 (DOTNET read access violation using invalid codepage).
DOM:
Fixed bug #67474 (getElementsByTagNameNS filter on default ns).
EXIF:
Fixed bug #73737 (FPE when parsing a tag format). (CVE-2016-10158)
GD:
Fixed bug #73869 (Signed Integer Overflow gd_io.c). (CVE-2016-10168)
Fixed bug #73868 (DOS vulnerability in gdImageCreateFromGd2Ctx()). (CVE-2016-10167)
GMP:
Fixed bug #70513 (GMP Deserialization Type Confusion Vulnerability).
Mysqli:
Fixed bug #73462 (Persistent connections don't set $connect_errno).
Mysqlnd:
Fixed issue with decoding BIT columns when having more than one rows in the result set. 7.0+ problem.
Fixed bug #73800 (sporadic segfault with MYSQLI_OPT_INT_AND_FLOAT_NATIVE).
PCRE:
Fixed bug #73612 (preg_*() may leak memory).
PDO_Firebird:
Fixed bug #72931 (PDO_FIREBIRD with Firebird 3.0 not work on returning statement).
Phar:
Fixed bug #73773 (Seg fault when loading hostile phar). (CVE-2017-11147)
Fixed bug #73768 (Memory corruption when loading hostile phar). (CVE-2016-10160)
Fixed bug #73764 (Crash while loading hostile phar archive). (CVE-2016-10159)
Phpdbg:
Fixed bug #73615 (phpdbg without option never load .phpdbginit at startup).
Fixed issue getting executable lines from custom wrappers.
Fixed bug #73704 (phpdbg shows the wrong line in files with shebang).
Reflection:
Fixed bug #46103 (ReflectionObject memory leak).
Streams:
Fixed bug #73586 (php_user_filter::$stream is not set to the stream the filter is working on).
SQLite3:
Reverted fix for #73530 (Unsetting result set may reset other result set).
Standard:
Fixed bug #73594 (dns_get_record does not populate $additional out parameter).
Fixed bug #70213 (Unserialize context shared on double class lookup).
Fixed bug #73154 (serialize object with __sleep function crash).
Fixed bug #70490 (get_browser function is very slow).
Fixed bug #73265 (Loading browscap.ini at startup causes high memory usage).
Fixed bug #31875 (get_defined_functions additional param to exclude disabled functions).
Zlib:
Fixed bug #73373 (deflate_add does not verify that output was not truncated).
Version 7.0.14
08 Dec 2016
Core:
Fixed memory leak(null coalescing operator with Spl hash).
Fixed bug #72736 (Slow performance when fetching large dataset with mysqli / PDO).
Fixed bug #72978 (Use After Free Vulnerability in unserialize()). (CVE-2016-9936)
Calendar:
Date:
Fixed bug #69587 (DateInterval properties and isset).
DTrace:
Disabled PHP call tracing by default (it makes significant overhead). This may be enabled again using envirionment variable USE_ZEND_DTRACE=1.
JSON:
Fixed bug #73526 (php_json_encode depth issue).
Mysqlnd:
Fixed bug #64526 (Add missing mysqlnd.* parameters to php.ini-*).
ODBC:
Fixed bug #73448 (odbc_errormsg returns trash, always 513 bytes).
Opcache:
Fixed bug #69090 (check cached files permissions).
Fixed bug #73546 (Logging for opcache has an empty file name).
PCRE:
Fixed bug #73483 (Segmentation fault on pcre_replace_callback).
Fixed bug #73392 (A use-after-free in zend allocator management).
PDO_Firebird:
Phar:
Fixed bug #73580 (Phar::isValidPharFilename illegal memory access).
Postgres:
Fixed bug #73498 (Incorrect SQL generated for pg_copy_to()).
Soap:
Fixed bug #73538 (SoapClient::__setSoapHeaders doesn't overwrite SOAP headers).
Fixed bug #73452 (Segfault (Regression for #69152 )).
SPL:
Fixed bug #73423 (Reproducible crash with GDB backtrace).
SQLite3:
Fixed bug #73530 (Unsetting result set may reset other result set).
Standard:
Fixed bug #73297 (HTTP stream wrapper should ignore HTTP 100 Continue).
Fixed bug #73645 (version_compare illegal write access).
Wddx:
Fixed bug #73631 (Invalid read when wddx decodes empty boolean element). (CVE-2016-9935)
XML:
Fixed bug #72135 (malformed XML causes fault).
Version 7.0.13
10 Nov 2016
Core:
Fixed bug #73350 (Exception::__toString() cause circular references).
Fixed bug #73181 (parse_str() without a second argument leads to crash).
Fixed bug #66773 (Autoload with Opcache allows importing conflicting class name to namespace).
Fixed bug #66862 ((Sub-)Namespaces unexpected behaviour).
Fix pthreads detection when cross-compiling.
Fixed bug #73337 (try/catch not working with two exceptions inside a same operation).
Fixed bug #73338 (Exception thrown from error handler causes valgrind warnings (and crashes)).
Fixed bug #73329 ((Float)"Nano" == NAN).
GD:
Fixed bug #73213 (Integer overflow in imageline() with antialiasing).
Fixed bug #73272 (imagescale() is not affected by, but affects imagesetinterpolation()).
Fixed bug #73279 (Integer overflow in gdImageScaleBilinearPalette()).
Fixed bug #73280 (Stack Buffer Overflow in GD dynamicGetbuf).
Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine overflow).
Fixed bug #72696 (imagefilltoborder stackoverflow on truecolor images). (CVE-2016-9933)
IMAP:
Fixed bug #73418 (Integer Overflow in "_php_imap_mail" leads to crash).
OCI8:
Fixed bug #71148 (Bind reference overwritten on PHP 7).
phpdbg:
Properly allow for stdin input from a file.
Add -s command line option / stdin command for reading script from stdin.
Ignore non-executable opcodes in line mode of phpdbg_end_oplog().
Fixed bug #70776 (Simple SIGINT does not have any effect with -rr).
Fixed bug #71234 (INI files are loaded even invoked as -n --version).
Session:
Fixed bug #73273 (session_unset() empties values from all variables in which is $_session stored).
SOAP:
Fixed bug #73037 (SoapServer reports Bad Request when gzipped).
Fixed bug #73237 (Nested object in "any" element overwrites other fields).
Fixed bug #69137 (Peer verification fails when using a proxy with SoapClient)
SQLite3:
Fixed bug #73333 (2147483647 is fetched as string).
Standard:
Fixed bug #73203 (passing additional_parameters causes mail to fail).
Fixed bug #71241 (array_replace_recursive sometimes mutates its parameters).
Fixed bug #73192 (parse_url return wrong hostname).
Wddx:
Fixed bug #73331 (NULL Pointer Dereference in WDDX Packet Deserialization with PDORow). (CVE-2016-9934)
Version 7.0.12
13 Oct 2016 Core:
Fixed bug #73025 (Heap Buffer Overflow in virtual_popen of zend_virtual_cwd.c).
Fixed bug #72703 (Out of bounds global memory read in BF_crypt triggered by password_verify).
Fixed bug #73058 (crypt broken when salt is 'too' long).
Fixed bug #69579 (Invalid free in extension trait).
Fixed bug #73156 (segfault on undefined function).
Fixed bug #73163 (PHP hangs if error handler throws while accessing undef const in default value).
Fixed bug #73172 (parse error: Invalid numeric literal).
Fixed bug #73240 (Write out of bounds at number_format).
Fixed bug #73147 (Use After Free in PHP7 unserialize()).
Fixed bug #73189 (Memcpy negative size parameter php_resolve_path).
BCmath:
Fixed bug #73190 (memcpy negative parameter _bc_new_num_ex).
COM:
Fixed bug #73126 (Cannot pass parameter 1 by reference).
Date:
Fixed bug #73091 (Unserializing DateInterval object may lead to __toString invocation).
DOM:
Fixed bug #73150 (missing NULL check in dom_document_save_html).
Filter:
Fixed bug #72972 (Bad filter for the flags FILTER_FLAG_NO_RES_RANGE and FILTER_FLAG_NO_PRIV_RANGE).
Fixed bug #73054 (default option ignored when object passed to int filter).
GD:
Fixed bug #67325 (imagetruecolortopalette: white is duplicated in palette).
Fixed bug #50194 (imagettftext broken on transparent background w/o alphablending).
Fixed bug #73003 (Integer Overflow in gdImageWebpCtx of gd_webp.c).
Fixed bug #53504 (imagettfbbox gives incorrect values for bounding box).
Fixed bug #73157 (imagegd2() ignores 3rd param if 4 are given).
Fixed bug #73155 (imagegd2() writes wrong chunk sizes on boundaries).
Fixed bug #73159 (imagegd2(): unrecognized formats may result in corrupted files).
Fixed bug #73161 (imagecreatefromgd2() may leak memory).
Intl:
Fixed bug #73218 (add mitigation for ICU int overflow).
Mbstring:
Fixed bug #66797 (mb_substr only takes 32-bit signed integer).
Fixed bug #66964 (mb_convert_variables() cannot detect recursion).
Fixed bug #72992 (mbstring.internal_encoding doesn't inherit default_charset).
Mysqlnd:
Fixed bug #72489 (PHP Crashes When Modifying Array Containing MySQLi Result Data).
Opcache:
Fixed bug #72982 (Memory leak in zend_accel_blacklist_update_regexp() function).
OpenSSL:
Fixed bug #73072 (Invalid path SNI_server_certs causes segfault).
Fixed bug #73276 (crash in openssl_random_pseudo_bytes function).
Fixed bug #73275 (crash in openssl_encrypt function).
PCRE:
Fixed bug #73121 (Bundled PCRE doesn't compile because JIT isn't supported on s390).
Fixed bug #73174 (heap overflow in php_pcre_replace_impl).
PDO_DBlib:
Fixed bug #72414 (Never quote values as raw binary data).
Allow \PDO::setAttribute() to set query timeouts.
Handle SQLDECIMAL/SQLNUMERIC types, which are used by later TDS versions.
Add common PDO test suite.
Free error and message strings when cleaning up PDO instances.
Fixed bug #67130 (\PDOStatement::nextRowset() should succeed when all rows in current rowset haven't been fetched).
Ignore potentially misleading dberr values.
phpdbg:
Fixed bug #72996 (phpdbg_prompt.c undefined reference to DL_LOAD).
Fixed next command not stopping when leaving function.
Session:
Fixed bug #68015 (Session does not report invalid uid for files save handler).
Fixed bug #73100 (session_destroy null dereference in ps_files_path_create).
SimpleXML:
Fixed bug #73293 (NULL pointer dereference in SimpleXMLElement::asXML()).
SOAP:
Fixed bug #71711 (Soap Server Member variables reference bug).
Fixed bug #71996 (Using references in arrays doesn't work like expected).
SPL:
Fixed bug #73257 , Fixed bug #73258 (SplObjectStorage unserialize allows use of non-object as key).
SQLite3:
Updated bundled SQLite3 to 3.14.2.
Zip:
Fixed bug #70752 (Depacking with wrong password leaves 0 length files).
Version 7.0.11
15 Sep 2016 Core:
Fixed bug #72944 (Null pointer deref in zval_delref_p).
Fixed bug #72943 (assign_dim on string doesn't reset hval).
Fixed bug #72911 (Memleak in zend_binary_assign_op_obj_helper).
Fixed bug #72813 (Segfault with __get returned by ref).
Fixed bug #72767 (PHP Segfaults when trying to expand an infinite operator).
Fixed bug #72854 (PHP Crashes on duplicate destructor call).
Fixed bug #72857 (stream_socket_recvfrom read access violation).
COM:
Fixed bug #72922 (COM called from PHP does not return out parameters).
Dba:
Fixed bug #70825 (Cannot fetch multiple values with group in ini file).
FTP:
Fixed bug #70195 (Cannot upload file using ftp_put to FTPES with require_ssl_reuse).
GD:
Fixed bug #72709 (imagesetstyle() causes OOB read for empty $styles).
Fixed bug #66005 (imagecopy does not support 1bit transparency on truecolor images).
Fixed bug #72913 (imagecopy() loses single-color transparency on palette images).
Fixed bug #68716 (possible resource leaks in _php_image_convert()).
iconv:
Fixed bug #72320 (iconv_substr returns false for empty strings).
IMAP:
Fixed bug #72852 (imap_mail null dereference).
Intl:
Fixed bug #65732 (grapheme_*() is not Unicode compliant on CR LF sequence).
Fixed bug #73007 (add locale length check). (CVE-2016-7416)
Mysqlnd:
Fixed bug #72293 (Heap overflow in mysqlnd related to BIT fields). (CVE-2016-7412)
OCI8:
Fixed invalid handle error with Implicit Result Sets.
Fixed bug #72524 (Binding null values triggers ORA-24816 error).
Opcache:
Fixed bug #72949 (Typo in opcache error message).
PDO:
Fixed bug #72788 (Invalid memory access when using persistent PDO connection).
Fixed bug #72791 (Memory leak in PDO persistent connection handling).
Fixed bug #60665 (call to empty() on NULL result using PDO::FETCH_LAZY returns false).
PDO_DBlib:
Implemented stringify 'uniqueidentifier' fields.
PDO_pgsql:
Implemented FR #72633 (Postgres PDO lastInsertId() should work without specifying a sequence).
Fixed bug #72759 (Regression in pgo_pgsql).
Phar:
Fixed bug #72928 (Out of bound when verify signature of zip phar in phar_parse_zipfile). (CVE-2016-7414)
Fixed bug #73035 (Out of bound when verify signature of tar phar in phar_parse_tarfile).
Reflection:
Fixed bug #72846 (getConstant for a array constant with constant values returns NULL/NFC/UKNOWN).
Session:
Fixed bug #72724 (PHP7: session-uploadprogress kills httpd).
Fixed bug #72940 (SID always return "name=ID", even if session cookie exist).
SimpleXML:
Fixed bug #72971 (SimpleXML isset/unset do not respect namespace).
Fixed bug #72957 (Null coalescing operator doesn't behave as expected with SimpleXMLElement).
SPL:
Fixed bug #73029 (Missing type check when unserializing SplArray). (CVE-2016-7417)
Standard:
Fixed bug #55451 (substr_compare NULL length interpreted as 0).
Fixed bug #72278 (getimagesize returning FALSE on valid jpg).
Fixed bug #65550 (get_browser() incorrectly parses entries with "+" sign).
Streams:
Fixed bug #72853 (stream_set_blocking doesn't work).
Fixed bug #72764 (ftps:// opendir wrapper data channel encryption fails with IIS FTP 7.5, 8.5).
Fixed bug #71882 (Negative ftruncate() on php://memory exhausts memory).
SQLite3:
Downgraded bundled SQLite to 3.8.10.2, see #73068
Sysvshm:
Fixed bug #72858 (shm_attach null dereference).
Wddx:
Fixed bug #72860 (wddx_deserialize use-after-free). (CVE-2016-7413)
Fixed bug #73065 (Out-Of-Bounds Read in php_wddx_push_element). (CVE-2016-7418)
XML:
Fixed bug #72085 (SEGV on unknown address zif_xml_parse).
Fixed bug #72714 (_xml_startElementHandler() segmentation fault).
ZIP:
Fixed bug #68302 (impossible to compile php with zip support).
Version 7.0.10
18 Aug 2016 Core:
Fixed bug #72629 (Caught exception assignment to variables ignores references).
Fixed bug #72594 (Calling an earlier instance of an included anonymous class fatals).
Fixed bug #72581 (previous property undefined in Exception after deserialization).
Fixed bug #72496 (Cannot declare public method with signature incompatible with parent private method).
Fixed bug #72024 (microtime() leaks memory).
Fixed bug #71911 (Unable to set --enable-debug on building extensions by phpize on Windows).
Fixed bug causing ClosedGeneratorException being thrown into the calling code instead of the Generator yielding from.
Implemented FR #72614 (Support "nmake test" on building extensions by phpize).
Fixed bug #72641 (phpize (on Windows) ignores PHP_PREFIX).
Fixed potential segfault in object storage freeing in shutdown sequence.
Fixed bug #72663 (Create an Unexpected Object and Don't Invoke __wakeup() in Deserialization). (CVE-2016-7124)
Fixed bug #72681 (PHP Session Data Injection Vulnerability). (CVE-2016-7125)
Fixed bug #72683 (getmxrr broken).
Fixed bug #72742 (memory allocator fails to realloc small block to large one). (CVE-2016-7133)
Bz2:
Fixed bug #72837 (integer overflow in bzdecompress caused heap corruption).
Calendar:
Fixed bug #67976 (cal_days_month() fails for final month of the French calendar).
Fixed bug #71894 (AddressSanitizer: global-buffer-overflow in zif_cal_from_jd).
COM:
Fixed bug #72569 (DOTNET/COM array parameters broke in PHP7).
CURL:
Fixed bug #71709 (curl_setopt segfault with empty CURLOPT_HTTPHEADER).
Fixed bug #71929 (CURLINFO_CERTINFO data parsing error).
Fixed bug #72674 (Heap overflow in curl_escape). (CVE-2016-7134)
DOM:
Fixed bug #66502 (DOM document dangling reference).
EXIF:
Fixed bug #72735 (Samsung picture thumb not read (zero size)).
Fixed bug #72627 (Memory Leakage In exif_process_IFD_in_TIFF). (CVE-2016-7128)
Filter:
Fixed bug #71745 (FILTER_FLAG_NO_RES_RANGE does not cover whole 127.0.0.0/8 range).
FPM:
Fixed bug #72575 (using --allow-to-run-as-root should ignore missing user).
GD:
Fixed bug #72596 (imagetypes function won't advertise WEBP support).
Fixed bug #72604 (imagearc() ignores thickness for full arcs).
Fixed bug #70315 (500 Server Error but page is fully rendered).
Fixed bug #43828 (broken transparency of imagearc for truecolor in blendingmode).
Fixed bug #66555 (Always false condition in ext/gd/libgd/gdkanji.c).
Fixed bug #68712 (suspicious if-else statements).
Fixed bug #72697 (select_colors write out-of-bounds). (CVE-2016-7126)
Fixed bug #72730 (imagegammacorrect allows arbitrary write access). (CVE-2016-7127)
Fixed bug #72494 (imagecropauto out-of-bounds access)
Intl:
Fixed bug #72639 (Segfault when instantiating class that extends IntlCalendar and adds a property).
Partially fixed Fixed bug #72506 (idn_to_ascii for UTS #46 incorrect for long domain names).
mbstring:
Fixed bug #72691 (mb_ereg_search raises a warning if a match zero-width).
Fixed bug #72693 (mb_ereg_search increments search position when a match zero-width).
Fixed bug #72694 (mb_ereg_search_setpos does not accept a string's last position).
Fixed bug #72710 (`mb_ereg` causes buffer overflow on regexp compile error).
Mcrypt:
Fixed bug #72782 (Heap Overflow due to integer overflows).
Opcache:
Fixed bug #72590 (Opcache restart with kill_all_lockers does not work).
PCRE:
Fixed bug #72688 (preg_match missing group names in matches).
PDO_pgsql:
Fixed bug #70313 (PDO statement fails to throw exception).
Reflection:
Fixed bug #72222 (ReflectionClass::export doesn't handle array constants).
SimpleXML:
Fixed bug #72588 (Using global var doesn't work while accessing SimpleXML element).
SNMP:
Fixed bug #72708 (php_snmp_parse_oid integer overflow in memory allocation).
SPL:
Fixed bug #55701 (GlobIterator throws LogicException).
Fixed bug #72646 (SplFileObject::getCsvControl does not return the escape character).
Fixed bug #72684 (AppendIterator segfault with closed generator).
SQLite3:
Fixed bug #72668 (Spurious warning when exception is thrown in user defined function).
Fixed bug #72571 (SQLite3::bindValue, SQLite3::bindParam crash).
Implemented FR #72653 (SQLite should allow opening with empty filename).
Updated to SQLite3 3.13.0.
Standard:
Fixed bug #72622 (array_walk + array_replace_recursive create references from nothing).
Fixed bug #72152 (base64_decode $strict fails to detect null byte).
Fixed bug #72263 (base64_decode skips a character after padding in strict mode).
Fixed bug #72264 (base64_decode $strict fails with whitespace between padding).
Fixed bug #72330 (CSV fields incorrectly split if escape char followed by UTF chars).
Streams:
Fixed bug #41021 (Problems with the ftps wrapper).
Fixed bug #54431 (opendir() does not work with ftps:// wrapper).
Fixed bug #72667 (opendir() with ftp:// attempts to open data stream for non-existent directories).
Fixed bug #72771 (ftps:// wrapper is vulnerable to protocol downgrade attack).
XMLRPC:
Fixed bug #72647 (xmlrpc_encode() unexpected output after referencing array elements).
Wddx:
Fixed bug #72564 (boolean always deserialized as "true").
Fixed bug #72142 (WDDX Packet Injection Vulnerability in wddx_serialize_value()).
Fixed bug #72749 (wddx_deserialize allows illegal memory access). (CVE-2016-7129)
Fixed bug #72750 (wddx_deserialize null dereference). (CVE-2016-7130)
Fixed bug #72790 (wddx_deserialize null dereference with invalid xml). (CVE-2016-7131)
Fixed bug #72799 (wddx_deserialize null dereference in php_wddx_pop_element). (CVE-2016-7132)
Zip:
Fixed bug #72660 (NULL Pointer dereference in zend_virtual_cwd).
Version 7.0.9
21 Jul 2016 Core:
Fixed bug #72508 (strange references after recursive function call and "switch" statement).
Fixed bug #72513 (Stack-based buffer overflow vulnerability in virtual_file_ex). (CVE-2016-6289)
Fixed bug #72573 (HTTP_PROXY is improperly trusted by some PHP libraries and applications). (CVE-2016-5385)
bz2:
Fixed bug #72613 (Inadequate error handling in bzread()). (CVE-2016-5399)
CLI:
Fixed bug #72484 (SCRIPT_FILENAME shows wrong path if the user specify router.php).
COM:
Fixed bug #72498 (variant_date_from_timestamp null dereference).
Curl:
Fixed bug #72541 (size_t overflow lead to heap corruption).
Date:
Fixed bug #66836 (DateTime::createFromFormat 'U' with pre 1970 dates fails parsing).
Exif:
Fixed bug #72603 (Out of bound read in exif_process_IFD_in_MAKERNOTE). (CVE-2016-6291)
Fixed bug #72618 (NULL Pointer Dereference in exif_process_user_comment). (CVE-2016-6292)
GD:
Fixed bug #43475 (Thick styled lines have scrambled patterns).
Fixed bug #53640 (XBM images require width to be multiple of 8).
Fixed bug #64641 (imagefilledpolygon doesn't draw horizontal line).
Fixed bug #72512 (gdImageTrueColorToPaletteBody allows arbitrary write/read access).
Fixed bug #72519 (imagegif/output out-of-bounds access).
Fixed bug #72558 (Integer overflow error within _gdContributionsAlloc()). (CVE-2016-6207)
Fixed bug #72482 (Ilegal write/read access caused by gdImageAALine overflow).
Fixed bug #72494 (imagecropauto out-of-bounds access).
Intl:
Fixed bug #72533 (locale_accept_from_http out-of-bounds access). (CVE-2016-6294)
Mbstring:
Fixed bug #72405 (mb_ereg_replace - mbc_to_code (oniguruma) - oob read access).
Fixed bug #72399 (Use-After-Free in MBString (search_re)).
mcrypt:
Fixed bug #72551 , bug #72552 (Incorrect casting from size_t to int lead to heap overflow in mdecrypt_generic).
PDO_pgsql:
Fixed bug #72570 (Segmentation fault when binding parameters on a query without placeholders).
PCRE:
Fixed bug #72476 (Memleak in jit_stack).
Fixed bug #72463 (mail fails with invalid argument).
Readline:
Fixed bug #72538 (readline_redisplay crashes php).
Standard:
Fixed bug #72505 (readfile() mangles files larger than 2G).
Fixed bug #72306 (Heap overflow through proc_open and $env parameter).
Session:
Fixed bug #72531 (ps_files_cleanup_dir Buffer overflow).
Fixed bug #72562 (Use After Free in unserialize() with Unexpected Session Deserialization).
SNMP:
Fixed bug #72479 (Use After Free Vulnerability in SNMP with GC and unserialize()). (CVE-2016-6295)
Streams:
Fixed bug #72439 (Stream socket with remote address leads to a segmentation fault).
XMLRPC:
Fixed bug #72606 (heap-buffer-overflow (write) simplestring_addn simplestring.c). (CVE-2016-6296)
Zip:
Fixed bug #72520 (Stack-based buffer overflow vulnerability in php_stream_zip_opener). (CVE-2016-6297)
Version 7.0.8
23 Jun 2016 Core:
Fixed bug #72218 (If host name cannot be resolved then PHP 7 crashes).
Fixed bug #72221 (segfault, past-the-end access).
Fixed bug #72268 (Integer Overflow in nl2br()).
Fixed bug #72275 (Integer Overflow in json_encode()/json_decode()/ json_utf8_to_utf16()).
Fixed bug #72400 (Integer Overflow in addcslashes/addslashes).
Fixed bug #72403 (Integer Overflow in Length of String-typed ZVAL).
Date:
Fixed bug #63740 (strtotime seems to use both sunday and monday as start of week).
FPM:
Fixed bug #72308 (fastcgi_finish_request and logging environment variables).
GD:
Fixed bug #72298 (pass2_no_dither out-of-bounds access).
Fixed bug #72337 (invalid dimensions can lead to crash).
Fixed bug #72339 (Integer Overflow in _gd2GetHeader() resulting in heap overflow). (CVE-2016-5766)
Fixed bug #72407 (NULL Pointer Dereference at _gdScaleVert).
Fixed bug #72446 (Integer Overflow in gdImagePaletteToTrueColor() resulting in heap overflow). (CVE-2016-5767)
Intl:
Fixed bug #70484 (selectordinal doesn't work with named parameters).
mbstring:
Fixed bug #72402 (_php_mb_regex_ereg_replace_exec - double free). (CVE-2016-5768)
mcrypt:
Fixed bug #72455 (Heap Overflow due to integer overflows). (CVE-2016-5769)
OpenSSL:
Fixed bug #72140 (segfault after calling ERR_free_strings()).
PCRE:
Fixed bug #72143 (preg_replace uses int instead of size_t).
PDO_pgsql:
Fixed bug #71573 (Segfault (core dumped) if paramno beyond bound).
Fixed bug #72294 (Segmentation fault/invalid pointer in connection with pgsql_stmt_dtor).
Phar:
Fixed bug #72321 (invalid free in phar_extract_file()). (CVE-2016-4473)
Phpdbg:
Fixed bug #72284 (phpdbg fatal errors with coverage).
Postgres:
Fixed bug #72195 (pg_pconnect/pg_connect cause use-after-free).
Fixed bug #72197 (pg_lo_create arbitrary read).
Standard:
Fixed bug #72017 (range() with float step produces unexpected result).
Fixed bug #72193 (dns_get_record returns array containing elements of type 'unknown').
Fixed bug #72229 (Wrong reference when serialize/unserialize an object).
Fixed bug #72300 (ignore_user_abort(false) has no effect).
WDDX:
Fixed bug #72340 (Double Free Courruption in wddx_deserialize). (CVE-2016-5772)
XML:
Fixed bug #72206 (xml_parser_create/xml_parser_free leaks mem).
XMLRPC:
Fixed bug #72155 (use-after-free caused by get_zval_xmlrpc_type).
Zip:
Fixed bug #72258 (ZipArchive converts filenames to unrecoverable form).
Fixed bug #72434 (ZipArchive class Use After Free Vulnerability in PHP's GC algorithm and unserialize). (CVE-2016-5773)
Version 7.0.7
26 May 2016 Core:
Fixed bug #72162 (use-after-free - error_reporting).
Add compiler option to disable special case function calls.
Fixed bug #72101 (crash on complex code).
Fixed bug #72100 (implode() inserts garbage into resulting string when joins very big integer).
Fixed bug #72057 (PHP Hangs when using custom error handler and typehint).
Fixed bug #72038 (Function calls with values to a by-ref parameter don't always throw a notice).
Fixed bug #71737 (Memory leak in closure with parameter named $this).
Fixed bug #72059 (?? is not allowed on constant expressions).
Fixed bug #72159 (Imported Class Overrides Local Class Name).
Curl:
Fixed bug #68658 (Define CURLE_SSL_CACERT_BADFILE).
DBA:
Fixed bug #72157 (use-after-free caused by dba_open).
GD:
Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456)
Intl:
Fixed bug #64524 (Add intl.use_exceptions to php.ini-*).
Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (CVE-2016-5093)
JSON:
Fixed bug #72069 (Behavior \JsonSerializable different from json_encode).
Mbstring:
Fixed bug #72164 (Null Pointer Dereference - mb_ereg_replace).
OCI8:
Fixed bug #71600 (oci_fetch_all segfaults when selecting more than eight columns).
Opcache:
Fixed bug #72014 (Including a file with anonymous classes multiple times leads to fatal error).
OpenSSL:
Fixed bug #72165 (Null pointer dereference - openssl_csr_new).
PCNTL:
Fixed bug #72154 (pcntl_wait/pcntl_waitpid array internal structure overwrite).
POSIX:
Fixed bug #72133 (php_posix_group_to_array crashes if gr_passwd is NULL).
Postgres:
Fixed bug #72028 (pg_query_params(): NULL converts to empty string).
Fixed bug #71062 (pg_convert() doesn't accept ISO 8601 for datatype timestamp).
Fixed bug #72151 (mysqli_fetch_object changed behaviour). Patch to #71820 is reverted.
Reflection:
Fixed bug #72174 (ReflectionProperty#getValue() causes __isset call).
Session:
Fixed bug #71972 (Cyclic references causing session_start(): Failed to decode session object).
Sockets:
Added socket_export_stream() function for getting a stream compatible resource from a socket resource.
SPL:
Fixed bug #72051 (The reference in CallbackFilterIterator doesn't work as expected).
SQLite3:
Fixed bug #68849 (bindValue is not using the right data type).
Standard:
Fixed bug #72075 (Referencing socket resources breaks stream_select).
Fixed bug #72031 (array_column() against an array of objects discards all values matching null).
Version 7.0.6
28 Apr 2016 Core:
Fixed bug #71930 (_zval_dtor_func: Assertion `(arr)->gc.refcount <= 1' failed).
Fixed bug #71922 (Crash on assert(new class{})).
Fixed bug #71914 (Reference is lost in "switch").
Fixed bug #71871 (Interfaces allow final and abstract functions).
Fixed bug #71859 (zend_objects_store_call_destructors operates on realloced memory, crashing).
Fixed bug #71841 (EG(error_zval) is not handled well).
Fixed bug #71750 (Multiple Heap Overflows in php_raw_url_encode/ php_url_encode).
Fixed bug #71731 (Null coalescing operator and ArrayAccess).
Fixed bug #71609 (Segmentation fault on ZTS with gethostbyname).
Fixed bug #71414 (Inheritance, traits and interfaces).
Fixed bug #71359 (Null coalescing operator and magic).
Fixed bug #71334 (Cannot access array keys while uksort()).
Fixed bug #69659 (ArrayAccess, isset() and the offsetExists method).
Fixed bug #69537 (__debugInfo with empty string for key gives error).
Fixed bug #62059 (ArrayObject and isset are not friends).
Fixed bug #71980 (Decorated/Nested Generator is Uncloseable in Finally).
BCmath:
Fixed bug #72093 (bcpowmod accepts negative scale and corrupts _one_ definition). (CVE-2016-4537, CVE-2016-4538)
Curl:
Fixed bug #71831 (CURLOPT_NOPROXY applied as long instead of string).
Date:
Fixed bug #71889 (DateInterval::format Segmentation fault).
EXIF:
Fixed bug #72094 (Out of bounds heap read access in exif header processing). (CVE-2016-4542, CVE-2016-4543, CVE-2016-4544)
GD:
Fixed bug #71912 (libgd: signedness vulnerability). (CVE-2016-3074)
Intl:
Fixed bug #71516 (IntlDateFormatter looses locale if pattern is set via constructor).
Fixed bug #70455 (Missing constant: IntlChar::NO_NUMERIC_VALUE).
Fixed bug #70451 , #70452 (Inconsistencies in return values of IntlChar methods).
Fixed bug #68893 (Stackoverflow in datefmt_create).
Fixed bug #66289 (Locale::lookup incorrectly returns en or en_US if locale is empty).
Fixed bug #70484 (selectordinal doesn't work with named parameters).
Fixed bug #72061 (Out-of-bounds reads in zif_grapheme_stripos with negative offset). (CVE-2016-4540, CVE-2016-4541)
ODBC:
Fixed bug #63171 (Script hangs after max_execution_time).
Opcache:
Fixed bug #71843 (null ptr deref ZEND_RETURN_SPEC_CONST_HANDLER).
PDO:
Fixed bug #52098 (Own PDOStatement implementation ignore __call()).
Fixed bug #71447 (Quotes inside comments not properly handled).
PDO_DBlib:
Fixed bug #71943 (dblib_handle_quoter needs to allocate an extra byte).
Add DBLIB-specific attributes for controlling timeouts.
PDO_pgsql:
Fixed bug #62498 (pdo_pgsql inefficient when getColumnMeta() is used).
Postgres:
Fixed bug #71820 (pg_fetch_object binds parameters before call constructor).
Fixed bug #71998 (Function pg_insert does not insert when column type = inet).
SOAP:
Fixed bug #71986 (Nested foreach assign-by-reference creates broken variables).
SPL:
Fixed bug #71838 (Deserializing serialized SPLObjectStorage-Object can't access properties in PHP).
Fixed bug #71735 (Double-free in SplDoublyLinkedList::offsetSet).
Fixed bug #67582 (Cloned SplObjectStorage with overwritten getHash fails offsetExists()).
Fixed bug #52339 (SPL autoloader breaks class_exists()).
Standard:
Fixed bug #72116 (array_fill optimization breaks implementation).
Fixed bug #71995 (Returning the same var twice from __sleep() produces broken serialized data).
Fixed bug #71940 (Unserialize crushes on restore object reference).
Fixed bug #71969 (str_replace returns an incorrect resulting array after a foreach by reference).
Fixed bug #71891 (header_register_callback() and register_shutdown_function()).
Fixed bug #71884 (Null pointer deref (segfault) in stream_context_get_default).
Fixed bug #71840 (Unserialize accepts wrongly data).
Fixed bug #71837 (Wrong arrays behaviour).
Fixed bug #71827 (substr_replace bug, string length).
Fixed bug #67512 (php_crypt() crashes if crypt_r() does not exist or _REENTRANT is not defined).
XML:
Fixed bug #72099 (xml_parse_into_struct segmentation fault). (CVE-2016-4539)
Zip:
Fixed bug #71923 (integer overflow in ZipArchive::getFrom*). (CVE-2016-3078)
Version 7.0.5
31 Mar 2016 Core:
Huge pages disabled by default.
Added ability to enable huge pages in Zend Memory Manager through the environment variable USE_ZEND_ALLOC_HUGE_PAGES=1.
Fixed bug #71756 (Call-by-reference widens scope to uninvolved functions when used in switch).
Fixed bug #71729 (Possible crash in zend_bin_strtod, zend_oct_strtod, zend_hex_strtod).
Fixed bug #71695 (Global variables are reserved before execution).
Fixed bug #71629 (Out-of-bounds access in php_url_decode in context php_stream_url_wrap_rfc2397).
Fixed bug #71622 (Strings used in pass-as-reference cannot be used to invoke C::$callable()).
Fixed bug #71596 (Segmentation fault on ZTS with date function (setlocale)).
Fixed bug #71535 (Integer overflow in zend_mm_alloc_heap()).
Fixed bug #71470 (Leaked 1 hashtable iterators).
Fixed bug #71575 (ISO C does not allow extra ‘;’ outside of a function).
Fixed bug #71724 (yield from does not count EOLs).
Fixed bug #71767 (ReflectionMethod::getDocComment returns the wrong comment).
Fixed bug #71806 (php_strip_whitespace() fails on some numerical values).
Fixed bug #71624 (`php -R` (PHP_MODE_PROCESS_STDIN) is broken).
CLI Server:
Fixed bug #69953 (Support MKCALENDAR request method).
Curl:
Fixed bug #71694 (Support constant CURLM_ADDED_ALREADY).
Date:
Fixed bug #71635 (DatePeriod::getEndDate segfault).
Fileinfo:
Fixed bug #71527 (Buffer over-write in finfo_open with malformed magic file). (CVE-2015-8865)
libxml:
Fixed bug #71536 (Access Violation crashes php-cgi.exe).
mbstring:
Fixed bug #71906 (AddressSanitizer: negative-size-param (-1) in mbfl_strcut). (CVE-2016-4073)
ODBC:
Fixed bug #47803 , #69526 (Executing prepared statements is succesfull only for the first two statements).
PCRE:
Fixed bug #71659 (segmentation fault in pcre running twig tests).
PDO_DBlib:
Fixed bug #54648 (PDO::MSSQL forces format of datetime fields).
Phar:
Fixed bug #71625 (Crash in php7.dll with bad phar filename).
Fixed bug #71317 (PharData fails to open specific file).
Fixed bug #71860 (Invalid memory write in phar on filename with \0 in name). (CVE-2016-4072)
phpdbg:
Fixed crash when advancing (except step) inside an internal function.
Session:
Fixed bug #71683 (Null pointer dereference in zend_hash_str_find_bucket).
SNMP:
Fixed bug #71704 (php_snmp_error() Format String Vulnerability). (CVE-2016-4071)
SPL:
Fixed bug #71617 (private properties lost when unserializing ArrayObject).
Standard:
Fixed bug #71660 (array_column behaves incorrectly after foreach by reference).
Fixed bug #71798 (Integer Overflow in php_raw_url_encode). (CVE-2016-4070)
Zip:
Update bundled libzip to 1.1.2.
Version 7.0.4
03 Mar 2016 Core:
Fixed bug (Low probability segfault in zend_arena).
Fixed bug #71441 (Typehinted Generator with return in try/finally crashes).
Fixed bug #71442 (forward_static_call crash).
Fixed bug #71443 (Segfault using built-in webserver with intl using symfony).
Fixed bug #71449 (An integer overflow bug in php_implode()).
Fixed bug #71450 (An integer overflow bug in php_str_to_str_ex()).
Fixed bug #71474 (Crash because of VM stack corruption on Magento2).
Fixed bug #71485 (Return typehint on internal func causes Fatal error when it throws exception).
Fixed bug #71529 (Variable references on array elements don't work when using count).
Fixed bug #71601 (finally block not executed after yield from).
Fixed bug #71637 (Multiple Heap Overflow due to integer overflows in xml/filter_url/addcslashes). (CVE-2016-4344, CVE-2016-4345, CVE-2016-4346)
CLI server:
Fixed bug #71559 (Built-in HTTP server, we can download file in web by bug).
CURL:
Fixed bug #71523 (Copied handle with new option CURLOPT_HTTPHEADER crashes while curl_multi_exec).
Fixed memory leak in curl_getinfo().
Date:
Fixed bug #71525 (Calls to date_modify will mutate timelib_rel_time, causing date_date_set issues).
Fileinfo:
Fixed bug #71434 (finfo throws notice for specific python file).
FPM:
Fixed bug #62172 (FPM not working with Apache httpd 2.4 balancer/fcgi setup).
Fixed bug #71269 (php-fpm dumped core).
Opcache:
Fixed bug #71584 (Possible use-after-free of ZCG(cwd) in Zend Opcache).
PCRE:
Fixed bug #71537 (PCRE segfault from Opcache).
phpdbg:
Fixed inherited functions from unspecified files being included in phpdbg_get_executable().
SOAP:
Fixed bug #71610 (Type Confusion Vulnerability - SOAP / make_http_soap_request()). (CVE-2016-3185)
Standard:
Fixed bug #71603 (compact() maintains references in php7).
Fixed bug #70720 (strip_tags improper php code parsing).
XMLRPC:
Fixed bug #71501 (xmlrpc_encode_request ignores encoding option).
Zip:
Fixed bug #71561 (NULL pointer dereference in Zip::ExtractTo).
Version 7.0.3
04 Feb 2016 Core:
Added support for new HTTP 451 code.
Fixed bug #71039 (exec functions ignore length but look for NULL termination).
Fixed bug #71089 (No check to duplicate zend_extension).
Fixed bug #71201 (round() segfault on 64-bit builds).
Fixed bug #71221 (Null pointer deref (segfault) in get_defined_vars via ob_start).
Fixed bug #71248 (Wrong interface is enforced).
Fixed bug #71273 (A wrong ext directory setup in php.ini leads to crash).
Fixed bug #71275 (Bad method called on cloning an object having a trait).
Fixed bug #71297 (Memory leak with consecutive yield from).
Fixed bug #71300 (Segfault in zend_fetch_string_offset).
Fixed bug #71314 (var_export(INF) prints INF.0).
Fixed bug #71323 (Output of stream_get_meta_data can be falsified by its input).
Fixed bug #71336 (Wrong is_ref on properties as exposed via get_object_vars()).
Fixed bug #71459 (Integer overflow in iptcembed()).
Apache2handler:
Fix >2G Content-Length headers in apache2handler.
CURL:
Fixed bug #71227 (Can't compile php_curl statically).
Fixed bug #71225 (curl_setopt() fails to set CURLOPT_POSTFIELDS with reference to CURLFile).
GD:
Interbase:
Fixed bug #71305 (Crash when optional resource is omitted).
LDAP:
Fixed bug #71249 (ldap_mod_replace/ldap_mod_add store value as string "Array").
mbstring:
Fixed bug #71397 (mb_send_mail segmentation fault).
OpenSSL:
Fixed bug #71475 (openssl_seal() uninitialized memory usage).
PCRE:
Upgraded bundled PCRE library to 8.38. (CVE-2015-8383, CVE-2015-8386, CVE-2015-8387, CVE-2015-8389, CVE-2015-8390, CVE-2015-8391, CVE-2015-8393, CVE-2015-8394)
Phar:
Fixed bug #71354 (Heap corruption in tar/zip/phar parser). (CVE-2016-4342)
Fixed bug #71331 (Uninitialized pointer in phar_make_dirstream()). (CVE-2016-4343)
Fixed bug #71391 (NULL Pointer Dereference in phar_tar_setupmetadata()).
Fixed bug #71488 (Stack overflow when decompressing tar archives). (CVE-2016-2554)
SOAP:
Fixed bug #70979 (crash with bad soap request).
SPL:
Fixed bug #71204 (segfault if clean spl_autoload_funcs while autoloading).
Fixed bug #71202 (Autoload function registered by another not activated immediately).
Fixed bug #71311 (Use-after-free vulnerability in SPL(ArrayObject, unserialize)).
Fixed bug #71313 (Use-after-free vulnerability in SPL(SplObjectStorage, unserialize)).
Standard:
Fixed bug #71287 (Error message contains hexadecimal instead of decimal number).
Fixed bug #71264 (file_put_contents() returns unexpected value when filesystem runs full).
Fixed bug #71245 (file_get_contents() ignores "header" context option if it's a reference).
Fixed bug #71220 (Null pointer deref (segfault) in compact via ob_start).
Fixed bug #71190 (substr_replace converts integers in original $search array to strings).
Fixed bug #71188 (str_replace converts integers in original $search array to strings).
Fixed bug #71132 , #71197 (range() segfaults).
WDDX:
Fixed bug #71335 (Type Confusion in WDDX Packet Deserialization).
Version 7.0.2
07 Jan 2016 Core:
Fixed bug #71165 (-DGC_BENCH=1 doesn't work on PHP7).
Fixed bug #71163 (Segmentation Fault: cleanup_unfinished_calls).
Fixed bug #71109 (ZEND_MOD_CONFLICTS("xdebug") doesn't work).
Fixed bug #71092 (Segmentation fault with return type hinting).
Fixed bug memleak in header_register_callback.
Fixed bug #71067 (Local object in class method stays in memory for each call).
Fixed bug #66909 (configure fails utf8_to_mutf7 test).
Fixed bug #70781 (Extension tests fail on dynamic ext dependency).
Fixed bug #71089 (No check to duplicate zend_extension).
Fixed bug #71086 (Invalid numeric literal parse error within highlight_string() function).
Fixed bug #71154 (Incorrect HT iterator invalidation causes iterator reuse).
Fixed bug #52355 (Negating zero does not produce negative zero).
Fixed bug #66179 (var_export() exports float as integer).
Fixed bug #70804 (Unary add on negative zero produces positive zero).
CURL:
Fixed bug #71144 (Sementation fault when using cURL with ZTS).
DBA:
Fixed key leak with invalid resource.
Filter:
Fixed bug #71063 (filter_input(INPUT_ENV, ..) does not work).
FTP:
Implemented FR #55651 (Option to ignore the returned FTP PASV address).
FPM:
Fixed bug #70755 (fpm_log.c memory leak and buffer overflow). (CVE-2016-5114)
GD:
Fixed bug #70976 (Memory Read via gdImageRotateInterpolated Array Index Out of Bounds). (CVE-2016-1903)
Mbstring:
Fixed bug #71066 (mb_send_mail: Program terminated with signal SIGSEGV, Segmentation fault).
Opcache:
Fixed bug #71127 (Define in auto_prepend_file is overwrite).
PCRE:
Fixed bug #71178 (preg_replace with arrays creates [0] in replace array if not already set).
Readline:
Fixed bug #71094 (readline_completion_function corrupts static array on second TAB).
Session:
Fixed bug #71122 (Session GC may not remove obsolete session data).
SPL:
Fixed bug #71077 (ReflectionMethod for ArrayObject constructor returns wrong number of parameters).
Fixed bug #71153 (Performance Degradation in ArrayIterator with large arrays).
Standard:
Fixed bug #71270 (Heap BufferOver Flow in escapeshell functions). (CVE-2016-1904)
WDDX:
Fixed bug #70661 (Use After Free Vulnerability in WDDX Packet Deserialization).
Fixed bug #70741 (Session WDDX Packet Deserialization Type Confusion Vulnerability).
XMLRPC:
Fixed bug #70728 (Type Confusion Vulnerability in PHP_to_XMLRPC_worker).
Version 7.0.1
17 Dec 2015 Core:
Fixed bug #71105 (Format String Vulnerability in Class Name Error Message). (CVE-2015-8617)
Fixed bug #70831 (Compile fails on system with 160 CPUs).
Fixed bug #71006 (symbol referencing errors on Sparc/Solaris).
Fixed bug #70997 (When using parentClass:: instead of parent::, static context changed).
Fixed bug #70970 (Segfault when combining error handler with output buffering).
Fixed bug #70967 (Weird error handling for __toString when Error is thrown).
Fixed bug #70958 (Invalid opcode while using ::class as trait method paramater default value).
Fixed bug #70944 (try{ } finally{} can create infinite chains of exceptions).
Fixed bug #70931 (Two errors messages are in conflict).
Fixed bug #70904 (yield from incorrectly marks valid generator as finished).
Fixed bug #70899 (buildconf failure in extensions).
Fixed bug #61751 (SAPI build problem on AIX: Undefined symbol: php_register_internal_extensions).
Fixed \int (or generally every scalar type name with leading backslash) to not be accepted as type name.
Fixed exception not being thrown immediately into a generator yielding from an array.
Fixed bug #70987 (static::class within Closure::call() causes segfault).
Fixed bug #71013 (Incorrect exception handler with yield from).
Fixed double free in error condition of format printer.
CLI server:
Fixed bug #71005 (Segfault in php_cli_server_dispatch_router()).
Intl:
Fixed bug #71020 (Use after free in Collator::sortWithSortKeys). (CVE-2015-8616)
Mysqlnd:
Fixed bug #68077 (LOAD DATA LOCAL INFILE / open_basedir restriction).
Fixed bug #68344 (MySQLi does not provide way to disable peer certificate validation) by introducing MYSQLI_CLIENT_SSL_DONT_VERIFY_SERVER_CERT connection flag.
OCI8:
Fixed LOB implementation size_t/zend_long mismatch reported by gcov.
Opcache:
Fixed bug #71024 (Unable to use PHP 7.0 x64 side-by-side with PHP 5.6 x32 on the same server).
Fixed bug #70991 (zend_file_cache.c:710: error: array type has incomplete element type).
Fixed bug #70977 (Segmentation fault with opcache.huge_code_pages=1).
PDO_Firebird:
Fixed bug #60052 (Integer returned as a 64bit integer on X64_86).
Phpdbg:
Fixed stderr being written to stdout.
Reflection:
Fixed bug #71018 (ReflectionProperty::setValue() behavior changed).
Fixed bug #70982 (setStaticPropertyValue behaviors inconsistently with 5.6).
Soap:
Fixed bug #70993 (Array key references break argument processing).
SPL:
Fixed bug #71028 (Undefined index with ArrayIterator).
SQLite3:
Fixed bug #71049 (SQLite3Stmt::execute() releases bound parameter instead of internal buffer).
Standard:
Fixed bug #70999 (php_random_bytes: called object is not a function).
Fixed bug #70960 (ReflectionFunction for array_unique returns wrong number of parameters).
Streams/Socket:
Add IPV6_V6ONLY constant / make it usable in stream contexts.
Version 7.0.0
03 Dec 2015 Core:
Fixed bug #70947 (INI parser segfault with INI_SCANNER_TYPED).
Fixed bug #70914 (zend_throw_or_error() format string vulnerability).
Fixed bug #70912 (Null ptr dereference instantiating class with invalid array property).
Fixed bug #70895 , #70898 (null ptr deref and segfault with crafted calable).
Fixed bug #70249 (Segmentation fault while running PHPUnit tests on phpBB 3.2-dev).
Fixed bug #70805 (Segmentation faults whilst running Drupal 8 test suite).
Fixed bug #70842 (Persistent Stream Segmentation Fault).
Fixed bug #70862 (Several functions do not check return code of php_stream_copy_to_mem()).
Fixed bug #70863 (Incorect logic to increment_function for proxy objects).
Fixed bug #70323 (Regression in zend_fetch_debug_backtrace() can cause segfaults).
Fixed bug #70873 (Regression on private static properties access).
Fixed bug #70748 (Segfault in ini_lex () at Zend/zend_ini_scanner.l).
Fixed bug #70689 (Exception handler does not work as expected).
Fixed bug #70430 (Stack buffer overflow in zend_language_parser()).
Fixed bug #70782 (null ptr deref and segfault (zend_get_class_fetch_type)).
Fixed bug #70785 (Infinite loop due to exception during identical comparison).
Fixed bug #70630 (Closure::call/bind() crash with ReflectionFunction-> getClosure()).
Fixed bug #70662 (Duplicate array key via undefined index error handler).
Fixed bug #70681 (Segfault when binding $this of internal instance method to null).
Fixed bug #70685 (Segfault for getClosure() internal method rebind with invalid $this).
Added zend_internal_function.reserved[] fields.
Fixed bug #70557 (Memleak on return type verifying failed).
Fixed bug #70555 (fun_get_arg() on unsetted vars return UNKNOW).
Fixed bug #70548 (Redundant information printed in case of uncaught engine exception).
Fixed bug #70547 (unsetting function variables corrupts backtrace).
Fixed bug #70528 (assert() with instanceof adds apostrophes around class name).
Fixed bug #70481 (Memory leak in auto_global_copy_ctor() in ZTS build).
Fixed bug #70431 (Memory leak in php_ini.c).
Fixed bug #70478 (**= does no longer work).
Fixed bug #70398 (SIGSEGV, Segmentation fault zend_ast_destroy_ex).
Fixed bug #70332 (Wrong behavior while returning reference on object).
Fixed bug #70300 (Syntactical inconsistency with new group use syntax).
Fixed bug #70321 (Magic getter breaks reference to array property).
Fixed bug #70187 (Notice: unserialize(): Unexpected end of serialized data).
Fixed bug #70145 (From field incorrectly parsed from headers).
Fixed bug #70370 (Bundled libtool.m4 doesn't handle FreeBSD 10 when building extensions).
Fixed bug causing exception traces with anon classes to be truncated.
Fixed bug #70397 (Segmentation fault when using Closure::call and yield).
Fixed bug #70299 (Memleak while assigning object offsetGet result).
Fixed bug #70288 (Apache crash related to ZEND_SEND_REF).
Fixed bug #70262 (Accessing array crashes PHP 7.0beta3).
Fixed bug #70258 (Segfault if do_resize fails to allocated memory).
Fixed bug #70253 (segfault at _efree () in zend_alloc.c:1389).
Fixed bug #70240 (Segfault when doing unset($var());).
Fixed bug #70223 (Incrementing value returned by magic getter).
Fixed bug #70215 (Segfault when __invoke is static).
Fixed bug #70207 (Finally is broken with opcache).
Fixed bug #70173 (ZVAL_COPY_VALUE_EX broken for 32bit Solaris Sparc).
Fixed bug #69487 (SAPI may truncate POST data).
Fixed bug #70198 (Checking liveness does not work as expected).
Fixed bug #70241 , #70293 (Skipped assertions affect Generator returns).
Fixed bug #70239 (Creating a huge array doesn't result in exhausted, but segfault).
Fixed "finally" issues.
Fixed bug #70098 (Real memory usage doesn't decrease).
Fixed bug #70159 (__CLASS__ is lost in closures).
Fixed bug #70156 (Segfault in zend_find_alias_name).
Fixed bug #70124 (null ptr deref / seg fault in ZEND_HANDLE_EXCEPTION).
Fixed bug #70117 (Unexpected return type error).
Fixed bug #70106 (Inheritance by anonymous class).
Fixed bug #69674 (SIGSEGV array.c:953).
Fixed bug #70164 (__COMPILER_HALT_OFFSET__ under namespace is not defined).
Fixed bug #70108 (sometimes empty $_SERVER['QUERY_STRING']).
Fixed bug #70179 ($this refcount issue).
Fixed bug #69896 ('asm' operand has impossible constraints).
Fixed bug #70183 (null pointer deref (segfault) in zend_eval_const_expr).
Fixed bug #70182 (Segfault in ZEND_ASSIGN_DIV_SPEC_CV_UNUSED_HANDLER).
Fixed bug #69793 (Remotely triggerable stack exhaustion via recursive method calls).
Fixed bug #69892 (Different arrays compare indentical due to integer key truncation).
Fixed bug #70121 (unserialize() could lead to unexpected methods execution / NULL pointer deref).
Fixed bug #70089 (segfault at ZEND_FETCH_DIM_W_SPEC_VAR_CONST_HANDLER ()).
Fixed bug #70057 (Build failure on 32-bit Mac OS X 10.6.8: recursive inlining).
Fixed bug #70012 (Exception lost with nested finally block).
Fixed bug #69996 (Changing the property of a cloned object affects the original).
Fixed bug #70083 (Use after free with assign by ref to overloaded objects).
Fixed bug #70006 (cli - function with default arg = STDOUT crash output).
Fixed bug #69521 (Segfault in gc_collect_cycles()).
Improved zend_string API.
Fixed bug #69955 (Segfault when trying to combine [] and assign-op on ArrayAccess object).
Fixed bug #69957 (Different ways of handling div/mod/intdiv).
Fixed bug #69900 (Too long timeout on pipes).
Fixed bug #69872 (uninitialised value in strtr with array).
Fixed bug #69868 (Invalid read of size 1 in zend_compile_short_circuiting).
Fixed bug #69849 (Broken output of apache_request_headers).
Fixed bug #69840 (iconv_substr() doesn't work with UTF-16BE).
Fixed bug #69823 (PHP 7.0.0alpha1 segmentation fault when exactly 33 extensions are loaded).
Fixed bug #69805 (null ptr deref and seg fault in zend_resolve_class_name).
Fixed bug #69802 (Reflection on Closure::__invoke borks type hint class name).
Fixed bug #69761 (Serialization of anonymous classes should be prevented).
Fixed bug #69551 (parse_ini_file() and parse_ini_string() segmentation fault).
Fixed bug #69781 (phpinfo() reports Professional Editions of Windows 7/8/8.1/10 as "Business").
Fixed bug #69835 (phpinfo() does not report many Windows SKUs).
Fixed bug #69889 (Null coalesce operator doesn't work for string offsets).
Fixed bug #69891 (Unexpected array comparison result).
Fixed bug #69892 (Different arrays compare indentical due to integer key truncation).
Fixed bug #69893 (Strict comparison between integer and empty string keys crashes).
Fixed bug #69767 (Default parameter value with wrong type segfaults).
Fixed bug #69756 (Fatal error: Nesting level too deep - recursive dependency ? with ===).
Fixed bug #69758 (Item added to array not being removed by array_pop/shift ).
Fixed bug #68475 (Add support for $callable() sytnax with 'Class::method').
Fixed bug #69485 (Double free on zend_list_dtor).
Fixed bug #69427 (Segfault on magic method __call of private method in superclass).
Improved __call() and __callStatic() magic method handling. Now they are called in a stackless way using ZEND_CALL_TRAMPOLINE opcode, without additional stack frame.
Optimized strings concatenation.
Fixed weird operators behavior. Division by zero now emits warning and returns +/-INF, modulo by zero and intdid() throws an exception, shifts by negative offset throw exceptions. Compile-time evaluation of division by zero is disabled.
Fixed bug #69371 (Hash table collision leads to inaccessible array keys).
Fixed bug #68933 (Invalid read of size 8 in zend_std_read_property).
Fixed bug #68252 (segfault in Zend/zend_hash.c in function _zend_hash_del_el).
Fixed bug #65598 (Closure executed via static autoload incorrectly marked as static).
Fixed bug #66811 (Cannot access static::class in lambda, writen outside of a class).
Fixed bug #69568 (call a private function in closure failed).
Added PHP_INT_MIN constant.
Added Closure::call() method.
Fixed bug #67959 (Segfault when calling phpversion('spl')).
Implemented the RFC `Catchable "Call to a member function bar() on a non-object"`.
Added options parameter for unserialize allowing to specify acceptable classes (https://wiki.php.net/rfc/secure_unserialize).
Fixed bug #63734 (Garbage collector can free zvals that are still referenced).
Removed ZEND_ACC_FINAL_CLASS, promoting ZEND_ACC_FINAL as final class modifier.
is_long() & is_integer() is now an alias of is_int().
Implemented FR #55467 (phpinfo: PHP Variables with $ and single quotes).
Added ?? operator.
Added <=> operator.
Added \u{xxxxx} Unicode Codepoint Escape Syntax.
Fixed oversight where define() did not support arrays yet const syntax did.
Use "integer" and "float" instead of "long" and "double" in ZPP, type hint and conversion error messages.
Implemented FR #55428 (E_RECOVERABLE_ERROR when output buffering in output buffering handler).
Removed scoped calls of non-static methods from an incompatible $this context.
Removed support for #-style comments in ini files.
Removed support for assigning the result of new by reference.
Invalid octal literals in source code now produce compile errors, fixes PHPSadness #31.
Removed dl() function on fpm-fcgi.
Removed support for hexadecimal numeric strings.
Removed obsolete extensions and SAPIs. See the full list in UPGRADING.
Added NULL byte protection to exec, system and passthru.
Added error_clear_last() function.
Fixed bug #68797 (Number 2.2250738585072012e-308 converted incorrectly).
Improved zend_qsort(using hybrid sorting algo) for better performance, and also renamed zend_qsort to zend_sort.
Added stable sorting algo zend_insert_sort.
Improved zend_memnchr(using sunday algo) for better performance.
Implemented the RFC `Scalar Type Decalarations v0.5`.
Implemented the RFC `Group Use Declarations`.
Implemented the RFC `Continue Output Buffering`.
Implemented the RFC `Constructor behaviour of internal classes`.
Implemented the RFC `Fix "foreach" behavior`.
Implemented the RFC `Generator Delegation`.
Implemented the RFC `Anonymous Class Support`.
Implemented the RFC `Context Sensitive Lexer`.
Fixed bug #69511 (Off-by-one buffer overflow in php_sys_readlink).
CLI server:
Fixed bug #68291 (404 on urls with '+').
Fixed bug #66606 (Sets HTTP_CONTENT_TYPE but not CONTENT_TYPE).
Fixed bug #70264 (CLI server directory traversal).
Fixed bug #69655 (php -S changes MKCALENDAR request method to MKCOL).
Fixed bug #64878 (304 responses return Content-Type header).
Refactor MIME type handling to use a hash table instead of linear search.
Update the MIME type list from the one shipped by Apache HTTPD.
Added support for SEARCH WebDav method.
COM:
Fixed bug #69939 (Casting object to bool returns false).
Curl:
Fixed bug #70330 (Segmentation Fault with multiple "curl_copy_handle").
Fixed bug #70163 (curl_setopt_array() type confusion).
Fixed bug #70065 (curl_getinfo() returns corrupted values).
Fixed bug #69831 (Segmentation fault in curl_getinfo).
Fixed bug #68937 (Segfault in curl_multi_exec).
Removed support for unsafe file uploads.
Date:
Fixed bug #70245 (strtotime does not emit warning when 2nd parameter is object or string).
Fixed bug #70266 (DateInterval::__construct.interval_spec is not supposed to be optional).
Fixed bug #70277 (new DateTimeZone($foo) is ignoring text after null byte).
Fixed day_of_week function as it could sometimes return negative values internally.
Removed $is_dst parameter from mktime() and gmmktime().
Removed date.timezone warning (https://wiki.php.net/rfc/date.timezone_warning_removal).
Added "v" DateTime format modifier to get the 3-digit version of fraction of seconds.
Implemented FR #69089 (Added DateTime::RFC3339_EXTENDED to output in RFC3339 Extended format which includes fraction of seconds).
DBA:
Fixed bug #62490 (dba_delete returns true on missing item (inifile)).
Fixed bug #68711 (useless comparisons).
DOM:
Fixed bug #70558 ("Couldn't fetch" error in DOMDocument::registerNodeClass()).
Fixed bug #70001 (Assigning to DOMNode::textContent does additional entity encoding).
Fixed bug #69846 (Segmenation fault (access violation) when iterating over DOMNodeList).
Made DOMNode::textContent writeable.
EXIF:
Fixed bug #70385 (Buffer over-read in exif_read_data with TIFF IFD tag byte value of 32 bytes).
Fileinfo:
Fixed bug #66242 (libmagic: don't assume char is signed).
Filter:
New FILTER_VALIDATE_DOMAIN and better RFC conformance for FILTER_VALIDATE_URL.
Fixed bug #67167 (Wrong return value from FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE).
FPM:
Fixed bug #70538 ("php-fpm -i" crashes).
Fixed bug #70279 (HTTP Authorization Header is sometimes passed to newer reqeusts).
Fixed bug #68945 (Unknown admin values segfault pools).
Fixed bug #65933 (Cannot specify config lines longer than 1024 bytes).
Implemented FR #67106 (Split main fpm config).
FTP:
Fixed bug #69082 (FTPS support on Windows).
GD:
Fixed bug #53156 (imagerectangle problem with point ordering).
Fixed bug #66387 (Stack overflow with imagefilltoborder). (CVE-2015-8874)
Fixed bug #70102 (imagecreatefromwebm() shifts colors).
Fixed bug #66590 (imagewebp() doesn't pad to even length).
Fixed bug #66882 (imagerotate by -90 degrees truncates image by 1px).
Fixed bug #70064 (imagescale(..., IMG_BICUBIC) leaks memory).
Fixed bug #69024 (imagescale segfault with palette based image).
Fixed bug #53154 (Zero-height rectangle has whiskers).
Fixed bug #67447 (imagecrop() add a black line when cropping).
Fixed bug #68714 (copy 'n paste error).
Fixed bug #66339 (PHP segfaults in imagexbm).
Fixed bug #70047 (gd_info() doesn't report WebP support).
Replace libvpx with libwebp for bundled libgd.
Fixed bug #61221 (imagegammacorrect function loses alpha channel).
Made fontFetch's path parser thread-safe.
Removed T1Lib support.
GMP:
Fixed bug #70284 (Use after free vulnerability in unserialize() with GMP).
hash:
Fixed bug #70312 (HAVAL gives wrong hashes in specific cases).
IMAP:
Fixed bug #70158 (Building with static imap fails).
Fixed bug #69998 (curl multi leaking memory).
Intl:
Fixed bug #70453 (IntlChar::foldCase() incorrect arguments and missing constants).
Fixed bug #70454 (IntlChar::forDigit second parameter should be optional).
Removed deprecated aliases datefmt_set_timezone_id() and IntlDateFormatter::setTimeZoneID().
JSON:
Fixed bug #62010 (json_decode produces invalid byte-sequences).
Fixed bug #68546 (json_decode() Fatal error: Cannot access property started with '\0').
Replace non-free JSON parser with a parser from Jsond extension, fixes #63520 (JSON extension includes a problematic license statement).
Fixed bug #68938 (json_decode() decodes empty string without error).
LDAP:
Fixed bug #47222 (Implement LDAP_OPT_DIAGNOSTIC_MESSAGE).
LiteSpeed:
Updated LiteSpeed SAPI code from V5.5 to V6.6.
libxml:
Fixed handling of big lines in error messages with libxml >= 2.9.0.
Mcrypt:
Fixed bug #70625 (mcrypt_encrypt() won't return data when no IV was specified under RC4).
Fixed bug #69833 (mcrypt fd caching not working).
Fixed possible read after end of buffer and use after free.
Removed mcrypt_generic_end() alias.
Removed mcrypt_ecb(), mcrypt_cbc(), mcrypt_cfb(), mcrypt_ofb().
Mysqli:
Fixed bug #32490 (constructor of mysqli has wrong name).
Mysqlnd:
Fixed bug #70949 (SQL Result Sets With NULL Can Cause Fatal Memory Errors).
Fixed bug #70384 (mysqli_real_query():Unknown type 245 sent by the server).
Fixed bug #70456 (mysqlnd doesn't activate TCP keep-alive when connecting to a server).
Fixed bug #70572 segfault in mysqlnd_connect.
Fixed bug #69796 (mysqli_stmt::fetch doesn't assign null values to bound variables).
OCI8:
Fixed memory leak with LOBs.
Fixed bug #68298 (OCI int overflow).
Corrected oci8 hash destructors to prevent segfaults, and a few other fixes.
ODBC:
Fixed bug #69975 (PHP segfaults when accessing nvarchar(max) defined columns. (CVE-2015-8879)
Opcache:
Fixed bug #70656 (require() statement broken after opcache_reset() or a few hours of use).
Fixed bug #70843 (Segmentation fault on MacOSX with opcache.file_cache_only=1).
Fixed bug #70724 (Undefined Symbols from opcache.so on Mac OS X 10.10).
Fixed compatibility with Windows 10 (see also bug #70652 ).
Attmpt to fix "Unable to reattach to base address" problem.
Fixed bug #70423 (Warning Internal error: wrong size calculation).
Fixed bug #70237 (Empty while and do-while segmentation fault with opcode on CLI enabled).
Fixed bug #70111 (Segfault when a function uses both an explicit return type and an explicit cast).
Fixed bug #70058 (Build fails when building for i386).
Fixed bug #70022 (Crash with opcache using opcache.file_cache_only=1).
Removed opcache.load_comments configuration directive. Now doc comments loading costs nothing and always enabled.
Fixed bug #69838 (Wrong size calculation for function table).
Fixed bug #69688 (segfault with eval and opcache fast shutdown).
Added experimental (disabled by default) file based opcode cache.
Fixed bug with try blocks being removed when extended_info opcode generation is turned on.
Fixed bug #68644 (strlen incorrect : mbstring + func_overload=2 +UTF-8 + Opcache).
OpenSSL:
Require at least OpenSSL version 0.9.8.
Fixed bug #68312 (Lookup for openssl.cnf causes a message box).
Fixed bug #55259 (openssl extension does not get the DH parameters from DH key resource).
Fixed bug #70395 (Missing ARG_INFO for openssl_seal()).
Fixed bug #60632 (openssl_seal fails with AES).
Implemented FR #70438 (Add IV parameter for openssl_seal and openssl_open).
Fixed bug #70014 (openssl_random_pseudo_bytes() is not cryptographically secure). (CVE-2015-8867)
Fixed bug #69882 (OpenSSL error "key values mismatch" after openssl_pkcs12_read with extra cert).
Added "alpn_protocols" SSL context option allowing encrypted client/server streams to negotiate alternative protocols using the ALPN TLS extension when built against OpenSSL 1.0.2 or newer. Negotiated protocol information is accessible through stream_get_meta_data() output.
Removed "CN_match" and "SNI_server_name" SSL context options. Use automatic detection or the "peer_name" option instead.
Pcntl:
Fixed bug #70386 (Can't compile on NetBSD because of missing WCONTINUED and WIFCONTINUED).
Fixed bug #60509 (pcntl_signal doesn't decrease ref-count of old handler when setting SIG_DFL).
Implemented FR #68505 (Added wifcontinued and wcontinued).
Added rusage support to pcntl_wait() and pcntl_waitpid().
PCRE:
Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match).
Fixed bug #70345 (Multiple vulnerabilities related to PCRE functions).
Fixed bug #70232 (Incorrect bump-along behavior with \K and empty string match).
Fixed bug #53823 (preg_replace: * qualifier on unicode replace garbles the string).
Fixed bug #69864 (Segfault in preg_replace_callback).
Removed support for the /e (PREG_REPLACE_EVAL) modifier.
PDO:
Fixed bug #70861 (Segmentation fault in pdo_parse_params() during Drupal 8 test suite).
Fixed bug #70389 (PDO constructor changes unrelated variables).
Fixed bug #70272 (Segfault in pdo_mysql).
Fixed bug #70221 (persistent sqlite connection + custom function segfaults).
Fixed bug #59450 (./configure fails with "Cannot find php_pdo_driver.h").
PDO_DBlib:
Fixed bug #69757 (Segmentation fault on nextRowset).
PDO_mysql:
Fixed bug #68424 (Add new PDO mysql connection attr to control multi statements option).
PDO_OCI:
Fixed bug #70308 (PDO::ATTR_PREFETCH is ignored).
PDO_pgsql:
Fixed bug #69752 (PDOStatement::execute() leaks memory with DML Statements when closeCuror() is u).
Removed PGSQL_ATTR_DISABLE_NATIVE_PREPARED_STATEMENT attribute in favor of ATTR_EMULATE_PREPARES).
Phar:
Fixed bug #69720 (Null pointer dereference in phar_get_fp_offset()).
Fixed bug #70433 (Uninitialized pointer in phar_make_dirstream when zip entry filename is "/").
Improved fix for bug #69441 .
Fixed bug #70019 (Files extracted from archive may be placed outside of destination directory).
Phpdbg:
Fixed bug #70614 (incorrect exit code in -rr mode with Exceptions).
Fixed bug #70532 (phpdbg must respect set_exception_handler).
Fixed bug #70531 (Run and quit mode (-qrr) should not fallback to interactive mode).
Fixed bug #70533 (Help overview (-h) does not rpint anything under Windows).
Fixed bug #70449 (PHP won't compile on 10.4 and 10.5 because of missing constants).
Fixed bug #70214 (FASYNC not defined, needs sys/file.h include).
Fixed bug #70138 (Segfault when displaying memory leaks).
Reflection:
Fixed bug #70650 (Wrong docblock assignment).
Fixed bug #70674 (ReflectionFunction::getClosure() leaks memory when used for internal functions).
Fixed bug causing bogus traces for ReflectionGenerator::getTrace().
Fixed inheritance chain of Reflector interface.
Added ReflectionGenerator class.
Added reflection support for return types and type declarations.
Session:
Fixed bug #70876 (Segmentation fault when regenerating session id with strict mode).
Fixed bug #70529 (Session read causes "String is not zero-terminated" error).
Fixed bug #70013 (Reference to $_SESSION is lost after a call to session_regenerate_id()).
Fixed bug #69952 (Data integrity issues accessing superglobals by reference).
Fixed bug #67694 (Regression in session_regenerate_id()).
Fixed bug #68941 (mod_files.sh is a bash-script).
SOAP:
Fixed bug #70940 (Segfault in soap / type_to_string).
Fixed bug #70900 (SoapClient systematic out of memory error).
Fixed bug #70875 (Segmentation fault if wsdl has no targetNamespace attribute).
Fixed bug #70715 (Segmentation fault inside soap client).
Fixed bug #70709 (SOAP Client generates Segfault).
Fixed bug #70388 (SOAP serialize_function_call() type confusion / RCE).
Fixed bug #70081 (SoapClient info leak / null pointer dereference via multiple type confusions).
Fixed bug #70079 (Segmentation fault after more than 100 SoapClient calls).
Fixed bug #70032 (make_http_soap_request calls zend_hash_get_current_key_ex(,,,NULL).
Fixed bug #68361 (Segmentation fault on SoapClient::__getTypes).
SPL:
Fixed bug #70959 (ArrayObject unserialize does not restore protected fields).
Fixed bug #70853 (SplFixedArray throws exception when using ref variable as index).
Fixed bug #70868 (PCRE JIT and pattern reuse segfault).
Fixed bug #70730 (Incorrect ArrayObject serialization if unset is called in serialize()).
Fixed bug #70573 (Cloning SplPriorityQueue leads to memory leaks).
Fixed bug #70303 (Incorrect constructor reflection for ArrayObject).
Fixed bug #70068 (Dangling pointer in the unserialization of ArrayObject items).
Fixed bug #70166 (Use After Free Vulnerability in unserialize() with SPLArrayObject).
Fixed bug #70168 (Use After Free Vulnerability in unserialize() with SplObjectStorage).
Fixed bug #70169 (Use After Free Vulnerability in unserialize() with SplDoublyLinkedList).
Fixed bug #70053 (MutlitpleIterator array-keys incompatible change in PHP 7).
Fixed bug #69970 (Use-after-free vulnerability in spl_recursive_it_move_forward_ex()).
Fixed bug #69845 (ArrayObject with ARRAY_AS_PROPS broken).
Changed ArrayIterator implementation using zend_hash_iterator_... API. Allowed modification of iterated ArrayObject using the same behavior as proposed in `Fix "foreach" behavior`. Removed "Array was modified outside object and internal position is no longer valid" hack.
Implemented FR #67886 (SplPriorityQueue/SplHeap doesn't expose extractFlags nor curruption state).
Fixed bug #66405 (RecursiveDirectoryIterator::CURRENT_AS_PATHNAME breaks the RecursiveIterator).
SQLite3:
Fixed bug #70571 (Memory leak in sqlite3_do_callback).
Fixed bug #69972 (Use-after-free vulnerability in sqlite3SafetyCheckSickOrOk()).
Fixed bug #69897 (segfault when manually constructing SQLite3Result).
Fixed bug #68260 (SQLite3Result::fetchArray declares wrong required_num_args).
Standard:
Fixed count on symbol tables.
Fixed bug #70963 (Unserialize shows UNKNOWN in result).
Fixed bug #70910 (extract() breaks variable references).
Fixed bug #70808 (array_merge_recursive corrupts memory of unset items).
Fixed bug #70667 (strtr() causes invalid writes and a crashes).
Fixed bug #70668 (array_keys() doesn't respect references when $strict is true).
Implemented the RFC `Random Functions Throwing Exceptions in PHP 7`.
Fixed bug #70487 (pack('x') produces an error).
Fixed bug #70342 (changing configuration with ignore_user_abort(true) isn't working).
Fixed bug #70295 (Segmentation fault with setrawcookie).
Fixed bug #67131 (setcookie() conditional for empty values not met).
Fixed bug #70365 (Use-after-free vulnerability in unserialize() with SplObjectStorage).
Fixed bug #70366 (Use-after-free vulnerability in unserialize() with SplDoublyLinkedList).
Fixed bug #70250 (extract() turns array elements to references).
Fixed bug #70211 (php 7 ZEND_HASH_IF_FULL_DO_RESIZE use after free).
Fixed bug #70208 (Assert breaking access on objects).
Fixed bug #70140 (str_ireplace/php_string_tolower - Arbitrary Code Execution).
Implemented FR #70112 (Allow "dirname" to go up various times).
Fixed bug #36365 (scandir duplicates file name at every 65535th file).
Fixed bug #70096 (Repeated iptcembed() adds superfluous FF bytes).
Fixed bug #70018 (exec does not strip all whitespace).
Fixed bug #69983 (get_browser fails with user agent of null).
Fixed bug #69976 (Unable to parse "all" urls with colon char).
Fixed bug #69768 (escapeshell*() doesn't cater to !).
Fixed bug #62922 (Truncating entire string should result in string).
Fixed bug #69723 (Passing parameters by reference and array_column).
Fixed bug #69523 (Cookie name cannot be empty).
Fixed bug #69325 (php_copy_file_ex does not pass the argument).
Fixed bug #69299 (Regression in array_filter's $flag argument in PHP 7).
Removed call_user_method() and call_user_method_array() functions.
Fixed user session handlers (See rfc:session.user.return-value).
Added intdiv() function.
Improved precision of log() function for base 2 and 10.
Remove string category support in setlocale().
Remove set_magic_quotes_runtime() and its alias magic_quotes_runtime().
Fixed bug #65272 (flock() out parameter not set correctly in windows).
Added preg_replace_callback_array function.
Deprecated salt option to password_hash.
Fixed bug #69686 (password_verify reports back error on PHP7 will null string).
Added Windows support for getrusage().
Removed hardcoded limit on number of pipes in proc_open().
Streams:
Fixed bug #70361 (HTTP stream wrapper doesn't close keep-alive connections).
Fixed bug #68532 (convert.base64-encode omits padding bytes).
Removed set_socket_blocking() in favor of its alias stream_set_blocking().
Tokenizer:
Fixed bug #69430 (token_get_all has new irrecoverable errors).
XMLReader:
Fixed bug #70309 (XmlReader read generates extra output).
XMLRPC:
Fixed bug #70526 (xmlrpc_set_type returns false on success).
XSL:
Fixed bug #70678 (PHP7 returns true when false is expected).
Fixed bug #70535 (XSLT: free(): invalid pointer).
Fixed bug #69782 (NULL pointer dereference).
Fixed bug #64776 (The XSLT extension is not thread safe).
Removed xsl.security_prefs ini option.
Zlib:
Added deflate_init(), deflate_add(), inflate_init(), inflate_add() functions allowing incremental/streaming compression/decompression.
Zip:
Fixed bug #70322 (ZipArchive::close() doesn't indicate errors).
Fixed bug #70350 (ZipArchive::extractTo allows for directory traversal when creating directories). (CVE-2014-9767)
Added ZipArchive::setCompressionName and ZipArchive::setCompressionIndex methods.
Update bundled libzip to 1.0.1.
Fixed bug #67161 (ZipArchive::getStream() returns NULL for certain file).