PHP 8 ChangeLog
Version 8.1.10
01 Sep 2022
Core:
Fixed --CGI-- support of run-tests.php.
Fixed incorrect double to long casting in latest clang.
Fixed bug GH-9266 (GC root buffer keeps growing when dtors are present).
Date:
Fixed bug GH-8730 (DateTime::diff miscalculation is same time zone of different type).
Fixed bug GH-8964 (DateTime object comparison after applying delta less than 1 second).
Fixed bug GH-9106 (DateInterval 1.5s added to DateTimeInterface is rounded down since PHP 8.1.0).
Fixed bug #81263 (Wrong result from DateTimeImmutable::diff).
DBA:
Fixed LMDB driver memory leak on DB creation failure.
Fixed bug GH-9155 (dba_open("non-existing", "c-", "flatfile") segfaults).
IMAP:
Fixed bug GH-9309 (Segfault when connection is used after imap_close()).
Intl:
Fixed IntlDateFormatter::formatObject() parameter type.
MBString:
Fixed bug GH-9008 (mb_detect_encoding(): wrong results with null $encodings).
OPcache:
Fixed bug GH-9033 (Loading blacklist file can fail due to negative length).
Fixed bug GH-9164 (Segfault in zend_accel_class_hash_copy).
PDO_SQLite:
Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values).
SQLite3:
Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values).
Streams:
Fixed bug GH-8472 (The resource returned by stream_socket_accept may have incorrect metadata).
Fixed bug GH-8409 (SSL handshake timeout leaves persistent connections hanging).
Version 8.1.9
04 Aug 2022
CLI:
Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable.
Fixed GH-8952 (Intentionally closing std handles no longer possible).
Core:
Fixed bug GH-8923 (error_log on Windows can hold the file write lock).
Fixed bug GH-8995 (WeakMap object reference offset causing TypeError).
Date:
Fixed bug #80047 (DatePeriod doesn't warn with custom DateTimeImmutable).
FPM:
Fixed zlog message prepend, free on incorrect address.
Fixed possible double free on configuration loading failure. (Heiko Weber).
GD:
Fixed bug GH-8848 (imagecopyresized() error refers to the wrong argument).
Intl:
Fixed build for ICU 69.x and onwards.
OPcache:
Fixed bug GH-8847 (PHP hanging infinitely at 100% cpu when check php syntax of a valid file).
Fixed bug GH-8030 (Segfault with JIT and large match/switch statements).
Reflection:
Fixed bug GH-8943 (Fixed Reflection::getModifierNames() with readonly modifier).
Standard:
Fixed the crypt_sha256/512 api build with clang > 12.
Uses CCRandomGenerateBytes instead of arc4random_buf on macOS. (David Carlier).
Fixed bug GH-9017 (php_stream_sock_open_from_socket could return NULL).
Version 8.1.8
07 Jul 2022
Core:
Fixed bug GH-8338 (Intel CET is disabled unintentionally).
Fixed leak in Enum::from/tryFrom for internal enums when using JIT.
Fixed calling internal methods with a static return type from extension code.
Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1 references).
Fixed potential use after free in php_binary_init().
CLI:
Fixed GH-8827 (Intentionally closing std handles no longer possible).
COM:
Fixed bug GH-8778 (Integer arithmetic with large number variants fails).
Curl:
Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.
Date:
Fixed bug #72963 (Null-byte injection in CreateFromFormat and related functions).
Fixed bug #74671 (DST timezone abbreviation has incorrect offset).
Fixed bug #77243 (Weekdays are calculated incorrectly for negative years).
Fixed bug #78139 (timezone_open accepts invalid timezone string argument).
Fileinfo:
Fixed bug #81723 (Heap buffer overflow in finfo_buffer). (CVE-2022-31627)
FPM:
Fixed bug #67764 (fpm: syslog.ident don't work).
GD:
Fixed imagecreatefromavif() memory leak.
MBString:
mb_detect_encoding recognizes all letters in Czech alphabet.
mb_detect_encoding recognizes all letters in Hungarian alphabet.
Fixed bug GH-8685 (pcre not ready at mbstring startup).
Backwards-compatible mappings for 0x5C/0x7E in Shift-JIS are restored, after they had been changed in 8.1.0.
ODBC:
Fixed handling of single-key connection strings.
OPcache:
Fixed bug GH-8591 (tracing JIT crash after private instance method change).
OpenSSL:
Fixed bug #50293 (Several openssl functions ignore the VCWD).
Fixed bug #81713 (NULL byte injection in several OpenSSL functions working with certificates).
PDO_ODBC:
Fixed handling of single-key connection strings.
Zip:
Fixed bug GH-8781 (ZipArchive::close deletes zip file without updating stat cache).
Version 8.1.7
09 Jun 2022
CLI:
Fixed bug GH-8575 (CLI closes standard streams too early).
Date:
Fixed bug #51934 (strtotime plurals / incorrect time).
Fixed bug #51987 (Datetime fails to parse an ISO 8601 ordinal date (extended format)).
Fixed bug #66019 (DateTime object does not support short ISO 8601 time format - YYYY-MM-DDTHH).
Fixed bug #68549 (Timezones and offsets are not properly used when working with dates).
Fixed bug #81565 (date parsing fails when provided with timezones including seconds).
Fixed bug GH-7758 (Problems with negative timestamps and fractions).
FPM:
Fixed ACL build check on macOS.
Fixed bug #72185 (php-fpm writes empty fcgi record causing nginx 502).
mysqlnd:
Fixed bug #81719 (mysqlnd/pdo password buffer overflow). (CVE-2022-31626)
OPcache:
Fixed bug GH-8461 (tracing JIT crash after function/method change).
OpenSSL:
Fixed bug #79589 (error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading).
Pcntl:
pgsql:
Fixed bug #81720 (Uninitialized array in pg_query_params()). (CVE-2022-31625)
Soap:
Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor).
Fixed bug GH-8538 (SoapClient may strip parts of nmtokens).
SPL:
Fixed bug GH-8235 (iterator_count() may run indefinitely).
Standard:
Fixed bug GH-8185 (Crash during unloading of extension after dl() in ZTS).
Zip:
Fixed type for index in ZipArchive::replaceFile.
Version 8.1.6
12 May 2022
Core:
Fixed bug GH-8310 (Registry settings are no longer recognized).
Fixed potential race condition during resource ID allocation.
Fixed bug GH-8133 (Preloading of constants containing arrays with enums segfaults).
Fixed Haiku ZTS builds.
Date:
Fixed bug GH-7752 (DateTimeZone::getTransitions() returns insufficient data).
Fixed bug GH-8108 (Timezone doesn't work as intended).
Fixed bug #81660 (DateTimeZone::getTransitions() returns invalid data).
Fixed bug GH-8289 (Exceptions thrown within a yielded from iterator are not rethrown into the generator).
FFI:
Fixed bug GH-8433 (Assigning function pointers to structs in FFI leaks).
FPM:
Fixed bug #76003 (FPM /status reports wrong number of active processes).
Fixed bug #77023 (FPM cannot shutdown processes).
Fixed comment in kqueue remove callback log message.
Hash:
Fixed bug #81714 (segfault when serializing finalized HashContext).
Iconv:
Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).
Intl:
Fixed bug GH-8364 (msgfmt_format $values may not support references).
MBString:
Number of error markers emitted for invalid UTF-8 text matches WHATWG specification. This is a return to the behavior of PHP 8.0 and earlier.
MySQLi:
Fixed bug GH-8267 (MySQLi uses unsupported format specifier on Windows).
SPL:
Fixed bug GH-8366 (ArrayIterator may leak when calling __construct()).
Fixed bug GH-8273 (SplFileObject: key() returns wrong value).
Streams:
Fixed php://temp does not preserve file-position when switched to temporary file.
zlib:
Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).
Version 8.1.5
14 Apr 2022
Core:
Fixed bug GH-8176 (Enum values in property initializers leak).
Fixed freeing of internal attribute arguments.
Fixed bug GH-8070 (memory leak of internal function attribute hash).
Fixed bug GH-8160 (ZTS support on Alpine is broken).
Filter:
Fixed signedness confusion in php_filter_validate_domain().
Intl:
Fixed bug GH-8115 (Can't catch arg type deprecation when instantiating Intl classes).
Fixed bug GH-8142 (Compilation error on cygwin).
Fixed bug GH-7734 (Fix IntlPartsIterator key off-by-one error and first key).
MBString:
Fixed bug GH-8208 (mb_encode_mimeheader: $indent functionality broken).
MySQLi:
Fixed bug GH-8068 (mysqli_fetch_object creates inaccessible properties).
Pcntl:
Fixed bug GH-8142 (Compilation error on cygwin).
PgSQL:
Fixed result_type related stack corruption on LLP64 architectures.
Fixed bug GH-8253 (pg_insert() fails for references).
Sockets:
SPL:
Fixed bug GH-8121 (SplFileObject - seek and key with csv file inconsistent).
Fixed bug GH-8192 (Cannot override DirectoryIterator::current() without return typehint in 8.1).
Standard:
Fixed bug GH-8048 (Force macOS to use statfs).
Version 8.1.4
17 Mar 2022
Core:
Fixed Haiku ZTS build.
Fixed bug GH-8059 (arginfo not regenerated for extension).
Fixed bug GH-8083 (Segfault when dumping uncalled fake closure with static variables).
Fixed bug GH-7958 (Nested CallbackFilterIterator is leaking memory).
Fixed bug GH-8074 (Wrong type inference of range() result).
Fixed bug GH-8140 (Wrong first class callable by name optimization).
Fixed bug GH-8082 (op_arrays with temporary run_time_cache leak memory when observed).
GD:
Fixed libpng warning when loading interlaced images.
FPM:
Fixed bug #76109 (Unsafe access to fpm scoreboard).
Iconv:
Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding).
Fixed bug GH-7980 (Unexpected result for iconv_mime_decode).
MBString:
Fixed bug GH-8128 (mb_check_encoding wrong result for 7bit).
MySQLnd:
Fixed bug GH-8058 (NULL pointer dereference in mysqlnd package).
Reflection:
Fixed bug GH-8080 (ReflectionClass::getConstants() depends on def. order).
Zlib:
Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding).
Version 8.1.3
17 Feb 2022
Core:
Fixed bug #81430 (Attribute instantiation leaves dangling pointer).
Fixed bug GH-7896 (Environment vars may be mangled on Windows).
Fixed bug GH-7883 (Segfault when INI file is not readable).
FFI:
Fixed bug GH-7867 (FFI::cast() from pointer to array is broken).
Filter:
Fix #81708: UAF due to php_filter_float() failing for ints. (CVE-2021-21708)
FPM:
Fixed memory leak on invalid port.
Fixed bug GH-7842 (Invalid OpenMetrics response format returned by FPM status page).
MBString:
Fixed bug GH-7902 (mb_send_mail may delimit headers with LF only).
MySQLnd:
Fixed bug GH-7972 (MariaDB version prefix 5.5.5- is not stripped).
pcntl:
Fixed pcntl_rfork build for DragonFlyBSD.
Sockets:
Fixed bug GH-7978 (sockets extension compilation errors).
Standard:
Fixed bug GH-7899 (Regression in unpack for negative int value).
Fixed bug GH-7875 (mails are sent even if failure to log throws exception).
Version 8.1.2
20 Jan 2022
Core:
Fixed bug #81216 (Nullsafe operator leaks dynamic property name).
Fixed bug #81684 (Using null coalesce assignment with $GLOBALS["x"] produces opcode error).
Fixed bug #81656 (GCC-11 silently ignores -R).
Fixed bug #81683 (Misleading "access type ... must be public" error message on final or abstract interface methods).
Fixed bug #81585 (cached_chunks are not counted to real_size on shutdown).
Fixed bug GH-7757 (Multi-inherited final constant causes fatal error).
Fixed zend_fibers.c build with ZEND_FIBER_UCONTEXT.
Added riscv64 support for fibers.
Filter:
Fixed FILTER_FLAG_NO_RES_RANGE flag.
Hash:
Fixed bug GH-7759 (Incorrect return types for hash() and hash_hmac()).
Fixed bug GH-7826 (Inconsistent argument name in hash_hmac_file and hash_file).
MBString:
Fixed bug #81693 (mb_check_encoding(7bit) segfaults).
MySQLi:
Fixed bug #81658 (MYSQL_OPT_LOAD_DATA_LOCAL_DIR not available in MariaDB).
Introduced MYSQLI_IS_MARIADB.
Fixed bug GH-7746 (mysqli_sql_exception->getSqlState()).
MySQLnd:
Fixed bug where large bigints may be truncated.
OCI8:
Fixed bug GH-7765 (php_oci_cleanup_global_handles segfaults at second call).
OPcache:
Fixed bug #81679 (Tracing JIT crashes on reattaching).
Readline:
Fixed bug #81598 (Cannot input unicode characters in PHP 8 interactive shell).
Reflection:
Fixed bug #81681 (ReflectionEnum throwing exceptions).
PDO_PGSQL:
Fixed error message allocation of PDO PgSQL.
Sockets:
Avoid void* arithmetic in sockets/multicast.c on NetBSD.
Fixed ext/sockets build on Haiku.
Spl:
Fixed bug #75917 (SplFileObject::seek broken with CSV flags).
Fixed bug GH-7809 (Cloning a faked SplFileInfo object may segfault).
Standard:
Fixed bug GH-7748 (gethostbyaddr outputs binary string).
Fixed bug GH-7815 (php_uname doesn't recognise latest Windows versions).
Version 8.1.1
02 Dec 2021
IMAP:
Fixed bug #81649 (imap_(un)delete accept sequences, not single numbers).
PCRE:
Update bundled PCRE2 to 10.39.
Fixed bug #74604 (Out of bounds in php_pcre_replace_impl).
Standard:
Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate).
Version 8.0.23
01 Sep 2022
Core:
Fixed incorrect double to long casting in latest clang.
DBA:
Fixed LMDB driver memory leak on DB creation failure.
Fixed bug GH-9155 (dba_open("non-existing", "c-", "flatfile") segfaults).
Intl:
Fixed IntlDateFormatter::formatObject() parameter type.
OPcache:
Fixed bug GH-9033 (Loading blacklist file can fail due to negative length).
PDO_SQLite:
Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values).
SQLite3:
Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values).
Standard:
Fixed bug GH-9017 (php_stream_sock_open_from_socket could return NULL).
Streams:
Fixed bug GH-8472 (The resource returned by stream_socket_accept may have incorrect metadata).
Fixed bug GH-8409 (SSL handshake timeout leaves persistent connections hanging).
Version 8.0.22
04 Aug 2022
CLI:
Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable.
Core:
Fixed bug GH-8923 (error_log on Windows can hold the file write lock).
Fixed bug GH-8995 (WeakMap object reference offset causing TypeError).
Date:
Fixed bug #80047 (DatePeriod doesn't warn with custom DateTimeImmutable).
DBA:
Fixed LMDB driver hanging when attempting to delete a non-existing key.
FPM:
Fixed zlog message prepend, free on incorrect address.
Fixed possible double free on configuration loading failure.
GD:
Fixed bug GH-8848 (imagecopyresized() error refers to the wrong argument).
Intl:
Fixed build for ICU 69.x and onwards.
OPcache:
Fixed bug GH-8847 (PHP hanging infinitely at 100% cpu when check php syntax of a valid file).
Standard:
Fixed the crypt_sha256/512 api build with clang > 12.
Uses CCRandomGenerateBytes instead of arc4random_buf on macOS.
Version 8.0.21
07 Jul 2022
Core:
Fixed potential use after free in php_binary_init().
CLI:
Fixed GH-8827 (Intentionally closing std handles no longer possible).
COM:
Fixed bug GH-8778 (Integer arithmetic with large number variants fails).
Curl:
Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.
Date:
Fixed bug #74671 (DST timezone abbreviation has incorrect offset).
Fixed bug #77243 (Weekdays are calculated incorrectly for negative years).
Fixed bug #78139 (timezone_open accepts invalid timezone string argument).
FPM:
Fixed bug #67764 (fpm: syslog.ident don't work).
MBString:
Fixed bug GH-8685 (pcre not ready at mbstring startup).
ODBC:
Fixed handling of single-key connection strings.
OpenSSL:
Fixed bug #50293 (Several openssl functions ignore the VCWD).
Fixed bug #81713 (NULL byte injection in several OpenSSL functions working with certificates).
PDO_ODBC:
Fixed errorInfo() result on successful PDOStatement->execute().
Fixed handling of single-key connection strings.
Zip:
Fixed bug GH-8781 (ZipArchive::close deletes zip file without updating stat cache).
Version 8.0.20
09 Jun 2022
CLI:
Fixed bug GH-8575 (CLI closes standard streams too early).
Core:
Date:
Fixed bug GH-8471 (Segmentation fault when converting immutable and mutable DateTime instances created using reflection).
FPM:
Fixed ACL build check on macOS.
Fixed bug #72185 (php-fpm writes empty fcgi record causing nginx 502).
Mysqlnd:
Fixed bug #81719 (mysqlnd/pdo password buffer overflow). (CVE-2022-31626)
OPcache:
Fixed bug GH-8466 (ini_get() is optimized out when the option does not exist).
Pcntl:
Pgsql:
Fixed bug #81720 (Uninitialized array in pg_query_params()). (CVE-2022-31625)
Soap:
Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor).
Fixed bug GH-8538 (SoapClient may strip parts of nmtokens).
SPL:
Fixed bug GH-8235 (iterator_count() may run indefinitely).
Zip:
Fixed type for index in ZipArchive::replaceFile.
Version 8.0.19
12 May 2022
Core:
Fixed bug GH-8289 (Exceptions thrown within a yielded from iterator are not rethrown into the generator).
Date:
Fixed bug GH-7979 (DatePeriod iterator advances when checking if valid).
FFI:
Fixed bug GH-8433 (Assigning function pointers to structs in FFI leaks).
FPM:
Fixed bug #76003 (FPM /status reports wrong number of active processes).
Fixed bug #77023 (FPM cannot shutdown processes).
Fixed comment in kqueue remove callback log message.
Iconv:
Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).
Intl:
Fixed bug GH-8364 (msgfmt_format $values may not support references).
MySQLi:
Fixed bug GH-8267 (MySQLi uses unsupported format specifier on Windows).
SPL:
Fixed bug GH-8366 (ArrayIterator may leak when calling __construct()).
Fixed bug GH-8273 (SplFileObject: key() returns wrong value).
Streams:
Fixed php://temp does not preserve file-position when switched to temporary file.
zlib:
Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).
Version 8.0.18
14 Apr 2022
Core:
Fixed freeing of internal attribute arguments.
Fixed bug GH-8070 (memory leak of internal function attribute hash).
Fixed bug GH-8160 (ZTS support on Alpine is broken).
Filter:
Fixed signedness confusion in php_filter_validate_domain().
Intl:
Fixed bug GH-8142 (Compilation error on cygwin).
MBString:
Fixed bug GH-8208 (mb_encode_mimeheader: $indent functionality broken).
MySQLi:
Fixed bug GH-8068 (mysqli_fetch_object creates inaccessible properties).
Pcntl:
Fixed bug GH-8142 (Compilation error on cygwin).
PgSQL:
Fixed result_type related stack corruption on LLP64 architectures.
Fixed bug GH-8253 (pg_insert() fails for references).
Sockets:
SPL:
Fixed bug GH-8121 (SplFileObject - seek and key with csv file inconsistent).
Standard:
Fixed bug GH-8048 (Force macOS to use statfs).
Version 8.0.17
17 Mar 2022
Core:
GD:
Fixed libpng warning when loading interlaced images.
FPM:
Fixed bug #76109 (Unsafe access to fpm scoreboard).
Iconv:
Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding).
Fixed bug GH-7980 (Unexpected result for iconv_mime_decode).
MySQLnd:
Fixed bug GH-8058 (NULL pointer dereference in mysqlnd package).
OPcache:
Fixed bug GH-8074 (Wrong type inference of range() result).
Reflection:
Fixed bug GH-8080 (ReflectionClass::getConstants() depends on def. order).
Zlib:
Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding).
Version 8.0.16
17 Feb 2022
Core:
Fixed bug #81430 (Attribute instantiation leaves dangling pointer).
Fixed bug GH-7896 (Environment vars may be mangled on Windows).
FFI:
Fixed bug GH-7867 (FFI::cast() from pointer to array is broken).
Filter:
Fix #81708: UAF due to php_filter_float() failing for ints.
FPM:
Fixed memory leak on invalid port.
MBString:
Fixed bug GH-7902 (mb_send_mail may delimit headers with LF only).
MySQLnd:
Fixed bug GH-7972 (MariaDB version prefix 5.5.5- is not stripped).
Sockets:
Fixed ext/sockets build on Haiku.
Fixed bug GH-7978 (sockets extension compilation errors).
Standard:
Fixed bug GH-7875 (mails are sent even if failure to log throws exception).
Version 8.0.15
20 Jan 2022
Core:
Fixed bug #81656 (GCC-11 silently ignores -R).
Fixed bug #81585 (cached_chunks are not counted to real_size on shutdown).
Filter:
Fixed FILTER_FLAG_NO_RES_RANGE flag.
Hash:
Fixed bug GH-7759 (Incorrect return types for hash() and hash_hmac()).
Fixed bug GH-7826 (Inconsistent argument name in hash_hmac_file and hash_file).
MySQLnd:
Fixed bug where large bigints may be truncated.
OCI8:
Fixed bug GH-7765 (php_oci_cleanup_global_handles segfaults at second call).
OPcache:
Fixed bug #81679 (Tracing JIT crashes on reattaching).
PDO_PGSQL:
Fixed error message allocation of PDO PgSQL.
Sockets:
Avoid void* arithmetic in sockets/multicast.c on NetBSD.
Spl:
Fixed bug #75917 (SplFileObject::seek broken with CSV flags).
Version 8.0.14
16 Dec 2021
Core:
Fixed bug #81582 (Stringable not implicitly declared if __toString() came from a trait).
Fixed bug #81591 (Fatal Error not properly logged in particular cases).
Fixed bug #81626 (Error on use static:: in __callStatic() wrapped to Closure::fromCallable()).
Fixed bug #81631 (::class with dynamic class name may yield wrong line number).
FPM:
Fixed bug #81513 (Future possibility for heap overflow in FPM zlog).
GD:
Fixed bug #71316 (libpng warning from imagecreatefromstring).
IMAP:
Fixed bug #81649 (imap_(un)delete accept sequences, not single numbers).
OpenSSL:
Fixed bug #75725 (./configure: detecting RAND_egd).
PCRE:
Fixed bug #74604 (Out of bounds in php_pcre_replace_impl).
SPL:
Fixed bug #81587 (MultipleIterator Segmentation fault w/ SimpleXMLElement attached).
Standard:
Fixed bug #81618 (dns_get_record fails on FreeBSD for missing type).
Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate).
Version 8.0.13
18 Nov 2021
Core:
Fixed bug #81518 (Header injection via default_mimetype / default_charset).
Date:
Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
DBA:
Fixed bug #81588 (TokyoCabinet driver leaks memory).
MBString:
Fixed bug #76167 (mbstring may use pointer from some previous request).
Opcache:
Fixed bug #81512 (Unexpected behavior with arrays and JIT).
PCRE:
Fixed bug #81424 (PCRE2 10.35 JIT performance regression).
XML:
Fixed bug #79971 (special character is breaking the path in xml function). (CVE-2021-21707)
XMLReader:
Fixed bug #81521 (XMLReader::getParserProperty may throw with a valid property).
Version 8.0.12
21 Oct 2021
CLI:
Fixed bug #81496 (Server logs incorrect request method).
Core:
Fixed bug #81435 (Observer current_observed_frame may point to an old (overwritten) frame).
Fixed bug #81380 (Observer may not be initialized properly).
DOM:
Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID).
FFI:
Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not defined).
FPM:
Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege escalation) (CVE-2021-21703).
Fileinfo:
Fixed bug #78987 (High memory usage during encoding detection).
Filter:
Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).
Opcache:
Fixed bug #81472 (Cannot support large linux major/minor device number when read /proc/self/maps).
Reflection:
ReflectionAttribute is no longer final.
SPL:
Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free).
Fixed bug #81477 (LimitIterator + SplFileObject regression in 8.0.1).
Standard:
Fixed bug #69751 (Change Error message of sprintf/printf for missing/typo position specifier).
Streams:
Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper).
XML:
Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace).
Zip:
Fixed bug #81490 (ZipArchive::extractTo() may leak memory).
Fixed bug #77978 (Dirname ending in colon unzips to wrong dir).
Version 8.0.11
23 Sep 2021
Core:
Fixed bug #81302 (Stream position after stream filter removed).
Fixed bug #81346 (Non-seekable streams don't update position after write).
Fixed bug #73122 (Integer Overflow when concatenating strings).
GD:
Fixed bug #53580 (During resize gdImageCopyResampled cause colors change).
Opcache:
Fixed bug #81353 (segfault with preloading and statically bound closure).
Shmop:
Fixed bug #81407 (shmop_open won't attach and causes php to crash).
Standard:
Fixed bug #71542 (disk_total_space does not work with relative paths).
Fixed bug #81400 (Unterminated string in dns_get_record() results).
SysVMsg:
Fixed bug #78819 (Heap Overflow in msg_send).
XML:
Fixed bug #81351 (xml_parse may fail, but has no error code).
Zip:
Fixed bug #80833 (ZipArchive::getStream doesn't use setPassword).
Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination).
Version 8.0.10
26 Aug 2021
Core:
Fixed bug #72595 (php_output_handler_append illegal write access).
Fixed bug #66719 (Weird behaviour when using get_called_class() with call_user_func()).
Fixed bug #81305 (Built-in Webserver Drops Requests With "Upgrade" Header).
BCMath:
Fixed bug #78238 (BCMath returns "-0").
CGI:
Fixed bug #80849 (HTTP Status header truncation).
Date:
Fixed bug #64975 (Error parsing when AM/PM not at the end).
Fixed bug #78984 (DateTimeZone accepting invalid UTC timezones).
Fixed bug #79580 (date_create_from_format misses leap year).
Fixed bug #80409 (DateTime::modify() loses time with 'weekday' parameter).
GD:
Fixed bug #51498 (imagefilledellipse does not work for large circles).
MySQLi:
Fixed bug #74544 (Integer overflow in mysqli_real_escape_string()).
Opcache:
Fixed bug #81225 (Wrong result with pow operator with JIT enabled).
Fixed bug #81249 (Intermittent property assignment failure with JIT enabled).
Fixed bug #81206 (Multiple PHP processes crash with JIT enabled).
Fixed bug #81272 (Segfault in var[] after array_slice with JIT).
Fixed bug #81255 (Memory leak in PHPUnit with functional JIT).
Fixed bug #80959 (Infinite loop in building cfg during JIT compilation). (Nikita, Dmitry)
Fixed bug #81226 (Integer overflow behavior is different with JIT enabled).
OpenSSL:
Fixed bug #81327 (Error build openssl extension on php 7.4.22).
PDO_ODBC:
Fixed bug #81252 (PDO_ODBC doesn't account for SQL_NO_TOTAL).
Phar:
Fixed bug #81211 (Symlinks are followed when creating PHAR archive).
Shmop:
Fixed bug #81283 (shmop can't read beyond 2147483647 bytes).
SimpleXML:
Fixed bug #81325 (Segfault in zif_simplexml_import_dom).
Standard:
Fixed bug #72146 (Integer overflow on substr_replace).
Fixed bug #81265 (getimagesize returns 0 for 256px ICO images).
Fixed bug #74960 (Heap buffer overflow via str_repeat).
Streams:
Fixed bug #81294 (Segfault when removing a filter).
Version 8.0.9
29 Jul 2021
Core:
Fixed bug #81145 (copy() and stream_copy_to_stream() fail for +4GB files).
Fixed bug #81163 (incorrect handling of indirect vars in __sleep).
Fixed bug #81159 (Object to int warning when using an object as a string offset).
Fixed bug #80728 (PHP built-in web server resets timeout when it can kill the process).
Fixed bug #73630 (Built-in Webserver - overwrite $_SERVER['request_uri']).
Fixed bug #80173 (Using return value of zend_assign_to_variable() is not safe).
Fixed bug #73226 (--r[fcez] always return zero exit code).
Intl:
Fixed bug #72809 (Locale::lookup() wrong result with canonicalize option).
Fixed bug #68471 (IntlDateFormatter fails for "GMT+00:00" timezone).
Fixed bug #74264 (grapheme_strrpos() broken for negative offsets).
OpenSSL:
Fixed bug #52093 (openssl_csr_sign truncates $serial).
PCRE:
Fixed bug #81101 (PCRE2 10.37 shows unexpected result).
Fixed bug #81243 (Too much memory is allocated for preg_replace()).
Reflection:
Fixed bug #81208 (Segmentation fault while create newInstance from attribute).
Standard:
Fixed bug #81223 (flock() only locks first byte of file).
Version 8.0.8
01 Jul 2021
Core:
Fixed bug #81076 (incorrect debug info on Closures with implicit binds).
Fixed bug #81068 (Double free in realpath_cache_clean()).
Fixed bug #76359 (open_basedir bypass through adding "..").
Fixed bug #81090 (Typed property performance degradation with .= operator).
Fixed bug #81070 (Integer underflow in memory limit comparison).
Fixed bug #81122 (SSRF bypass in FILTER_VALIDATE_URL). (CVE-2021-21705)
Bzip2:
Fixed bug #81092 (fflush before stream_filter_remove corrupts stream).
Fileinfo:
Fixed bug #80197 (implicit declaration of function 'magic_stream' is invalid).
GMP:
Fixed bug #81119 (GMP operators throw errors with wrong parameter names).
OCI8:
Fixed bug #81088 (error in regression test for oci_fetch_object() and oci_fetch_array()).
Opcache:
Fixed bug #81051 (Broken property type handling after incrementing reference).
Fixed bug #80968 (JIT segfault with return from required file).
OpenSSL:
Fixed bug #76694 (native Windows cert verification uses CN as server name).
MySQLnd:
Fixed bug #80761 (PDO uses too much memory).
PDO_Firebird:
Fixed bug #76448 (Stack buffer overflow in firebird_info_cb). (CVE-2021-21704)
Fixed bug #76449 (SIGSEGV in firebird_handle_doer). (CVE-2021-21704)
Fixed bug #76450 (SIGSEGV in firebird_stmt_execute). (CVE-2021-21704)
Fixed bug #76452 (Crash while parsing blob data in firebird_fetch_blob). (CVE-2021-21704)
readline:
Fixed bug #72998 (invalid read in readline completion).
Standard:
Fixed bug #81048 (phpinfo(INFO_VARIABLES) "Array to string conversion").
Fixed bug #77627 (method_exists on Closure::__invoke inconsistency).
Windows:
Fixed bug #81120 (PGO data for main PHP DLL are not used).
Version 8.0.7
03 Jun 2021
Core:
Fixed bug #80960 (opendir() warning wrong info when failed on Windows).
Fixed bug #67792 (HTTP Authorization schemes are treated as case-sensitive).
Fixed bug #80972 (Memory exhaustion on invalid string offset).
FPM:
Fixed bug #65800 (Events port mechanism).
FTP:
Fixed bug #80901 (Info leak in ftp extension).
Fixed bug #79100 (Wrong FTP error messages).
GD:
Fixed bug #81032 (GD install is affected by external libgd installation).
Intl:
Fixed bug #81019 (Unable to clone NumberFormatter after failed parse()).
MBString:
Fixed bug #81011 (mb_convert_encoding removes references from arrays).
ODBC:
Fixed bug #80460 (ODBC doesn't account for SQL_NO_TOTAL indicator).
Opcache:
Fixed bug #81007 (JIT "not supported" on 32-bit x86 -- build problem?).
Fixed bug #81015 (Opcache optimization assumes wrong part of ternary operator in if-condition).
Fixed bug #81046 (Literal compaction merges non-equal related literals).
PDO_MySQL:
Fixed bug #81037 (PDO discards error message text from prepared statement).
PDO_ODBC:
Fixed bug #44643 (bound parameters ignore explicit type definitions).
pgsql:
Fixed php_pgsql_fd_cast() wrt. php_stream_can_cast().
SPL:
Fixed bug #80933 (SplFileObject::DROP_NEW_LINE is broken for NUL and CR).
XMLReader:
Fixed bug #73246 (XMLReader: encoding length not checked).
Zip:
Fixed bug #80863 (ZipArchive::extractTo() ignores references).
Version 8.0.6
06 May 2021
PDO_pgsql:
Revert "Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR)"
Version 8.0.5
29 Apr 2021
Core:
Fixed bug #75776 (Flushing streams with compression filter is broken).
Fixed bug #80811 (Function exec without $output but with $result_code parameter crashes).
Fixed bug #80814 (threaded mod_php won't load on FreeBSD: No space available for static Thread Local Storage).
Changed PowerPC CPU registers used by Zend VM to work around GCC bug. Old registers (r28/r29) might be clobbered by _restgpr routine used for return from C function compiled with -Os.
Dba:
Fixed bug #80817 (dba_popen() may cause segfault during RSHUTDOWN).
DOM:
Fixed bug #66783 (UAF when appending DOMDocument to element).
FFI:
Fixed bug #80847 (CData structs with fields of type struct can't be passed as C function argument).
FPM:
Fixed bug #80024 (Duplication of info about inherited socket after pool removing).
FTP:
Fixed bug #80880 (SSL_read on shutdown, ftp/proc_open).
IMAP:
Fixed bug #80800 (imap_open() fails when the flags parameter includes CL_EXPUNGE).
Fixed bug #80710 (imap_mail_compose() header injection).
Intl:
Fixed bug #80763 (msgfmt_format() does not accept DateTime references).
LibXML:
Fixed bug #73533 (Invalid memory access in php_libxml_xmlCheckUTF8).
Fixed bug #51903 (simplexml_load_file() doesn't use HTTP headers).
MySQLnd:
Fixed bug #80837 (Calling stmt_store_result after fetch doesn't throw an error).
Opcache:
Fixed bug #80839 (PHP problem with JIT).
Fixed bug #80861 (erroneous array key overflow in 2D array with JIT).
Fixed bug #80786 (PHP crash using JIT).
Fixed bug #80782 (DASM_S_RANGE_VREG on PHP_INT_MIN-1).
Pcntl:
Fixed bug #79812 (Potential integer overflow in pcntl_exec()).
PCRE:
Fixed bug #80866 (preg_split ignores limit flag when pattern with \K has 0-width fullstring match).
PDO_ODBC:
Fixed bug #80783 (PDO ODBC truncates BLOB records at every 256th byte).
PDO_pgsql:
Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).
Session:
Fixed bug #80889 (Cannot set save handler when save_handler is invalid).
Fixed bug #80774 (session_name() problem with backslash).
SOAP:
Fixed bug #69668 (SOAP special XML characters in namespace URIs not encoded).
Standard:
Fixed bug #80915 (Taking a reference to $_SERVER hides its values from phpinfo()).
Fixed bug #80914 ('getdir' accidentally defined as an alias of 'dir').
Fixed bug #80771 (phpinfo(INFO_CREDITS) displays nothing in CLI).
Fixed bug #78719 (http wrapper silently ignores long Location headers).
Fixed bug #80838 (HTTP wrapper waits for HTTP 1 response after HTTP 101).
Zip:
Fixed bug #80825 (ZipArchive::isCompressionMethodSupported does not exist).
Version 8.0.3
04 Mar 2021
Core:
Fixed bug #80706 (mail(): Headers after Bcc headers may be ignored).
DOM:
Fixed bug #80600 (DOMChildNode::remove() doesn't work on CharacterData nodes).
Gettext:
Fixed bug #53251 (bindtextdomain with null dir doesn't return old value).
MySQLnd:
Fixed bug #78680 (mysqlnd's mysql_clear_password does not transmit null-terminated password).
Fixed bug #80713 (SegFault when disabling ATTR_EMULATE_PREPARES and MySQL 8.0).
MySQLi:
Fixed bug #74779 (x() and y() truncating floats to integers).
Opcache:
Fixed bug #80634 (write_property handler of internal classes is skipped on preloaded JITted code).
Fixed bug #80682 (opcache doesn't honour pcre.jit option).
Fixed bug #80742 (Opcache JIT makes some boolean logic unexpectedly be true).
Fixed bug #80745 (JIT produces Assert failure and UNKNOWN:0 var_dumps in code involving bitshifts).
OpenSSL:
Fixed bug #80747 (Providing RSA key size < 512 generates a key that crashes PHP).
Phar:
Fixed bug #75850 (Unclear error message wrt. __halt_compiler() w/o semicolon).
Fixed bug #70091 (Phar does not mark UTF-8 filenames in ZIP archives).
Fixed bug #53467 (Phar cannot compress large archives).
Socket:
Fixed bug #80723 (Different sockets compare as equal (regression in 8.0)).
SPL:
Fixed bug #80719 (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault).
Standard:
Fixed bug #80654 (file_get_contents() maxlen fails above (2**31)-1 bytes).
Fixed bug #80718 (ext/standard/dl.c fallback code path with syntax error).
Version 8.0.2
04 Feb 2021
Core:
Fixed bug #80523 (bogus parse error on >4GB source code).
Fixed bug #80384 (filter buffers entire read until file closed).
Fixed bug #80596 (Invalid union type TypeError in anonymous classes).
Fixed bug #80617 (GCC throws warning about type narrowing in ZEND_TYPE_INIT_CODE).
BCMath:
Fixed bug #80545 (bcadd('a', 'a') doesn't throw an exception).
Curl:
Fixed bug #80595 (Resetting POSTFIELDS to empty array breaks request).
Date:
Fixed bug #80376 (last day of the month causes runaway cpu usage).
DOM:
Fixed bug #80537 (Wrong parameter type in DOMElement::removeAttributeNode stub).
Filter:
Fixed bug #80584 (0x and 0X are considered valid hex numbers by filter_var()).
GMP:
Fixed bug #80560 (Strings containing only a base prefix return 0 object).
Intl:
Fixed bug #80644 (Missing resource causes subsequent get() calls to fail).
MySQLi:
Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to interpret bit columns).
Fixed bug #64638 (Fetching resultsets from stored procedure with cursor fails).
Fixed bug #72862 (segfault using prepared statements on stored procedures that use a cursor).
Fixed bug #77935 (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP with a cursor).
ODBC:
Fixed bug #80592 (all floats are the same in ODBC parameters).
Opcache:
Fixed bug #80422 (php_opcache.dll crashes when using Apache 2.4 with JIT).
PDO_Firebird:
Fixed bug #80521 (Parameters with underscores no longer recognized).
Phar:
Fixed bug #76929 (zip-based phar does not respect phar.require_hash).
Fixed bug #77565 (Incorrect locator detection in ZIP-based phars).
Fixed bug #69279 (Compressed ZIP Phar extractTo() creates garbage files).
Phpdbg:
Reverted fix for bug #76813 (Access violation near NULL on source operand).
SOAP:
Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702)
Version 8.0.1
07 Jan 2021
Core:
Fixed bug #80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION).
Fixed bug #72964 (White space not unfolded for CC/Bcc headers).
Fixed bug #80391 (Iterable not covariant to mixed).
Fixed bug #80393 (Build of PHP extension fails due to configuration gap with libtool).
Fixed bug #77069 (stream filter loses final block of data).
Fileinfo:
Fixed bug #77961 (finfo_open crafted magic parsing SIGABRT).
FPM:
Fixed bug #69625 (FPM returns 200 status on request without SCRIPT_FILENAME env).
IMAP:
Fixed bug #80438 (imap_msgno() incorrectly warns and returns false on valid UIDs in PHP 8).
Fix a regression with valid UIDs in imap_savebody().
Make warnings for invalid message numbers/UIDs between functions consistent.
Intl:
Fixed bug #80425 (MessageFormatAdapter::getArgTypeList redefined).
Opcache:
Fixed bug #80404 (Incorrect range inference result when division results in float).
Fixed bug #80377 (Opcache misses executor_globals).
Fixed bug #80433 (Unable to disable the use of the AVX command when using JIT).
Fixed bug #80447 (Strange out of memory error when running with JIT).
Fixed bug #80480 (Segmentation fault with JIT enabled).
Fixed bug #80506 (Immediate SIGSEGV upon ini_set("opcache.jit_debug", 1)).
OpenSSL:
Fixed bug #80368 (OpenSSL extension fails to build against LibreSSL due to lack of OCB support).
PDO MySQL:
Fixed bug #80458 (PDOStatement::fetchAll() throws for upsert queries).
Fixed bug #63185 (nextRowset() ignores MySQL errors with native prepared statements).
Fixed bug #78152 (PDO::exec() - Bad error handling with multiple commands).
Fixed bug #66878 (Multiple rowsets not returned unless PDO statement object is unset()).
Fixed bug #70066 (Unexpected "Cannot execute queries while other unbuffered queries").
Fixed bug #71145 (Multiple statements in init command triggers unbuffered query error).
Fixed bug #76815 (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL).
Fixed bug #79872 (Can't execute query with pending result sets).
Fixed bug #79131 (PDO does not throw an exception when parameter values are missing).
Fixed bug #72368 (PdoStatement->execute() fails but does not throw an exception).
Fixed bug #62889 (LOAD DATA INFILE broken).
Fixed bug #67004 (Executing PDOStatement::fetch() more than once prevents releasing resultset).
Fixed bug #79132 (PDO re-uses parameter values from earlier calls to execute()).
Phar:
Fixed bug #73809 (Phar Zip parse crash - mmap fail).
Fixed bug #75102 (`PharData` says invalid checksum for valid tar).
Fixed bug #77322 (PharData::addEmptyDir('/') Possible integer overflow).
Phpdbg:
Fixed bug #76813 (Access violation near NULL on source operand).
SPL:
Fixed bug #62004 (SplFileObject: fgets after seek returns wrong line).
Standard:
Fixed bug #80366 (Return Value of zend_fstat() not Checked).
Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)
Tidy:
Fixed bug #77594 (ob_tidyhandler is never reset).
Tokenizer:
Fixed bug #80462 (Nullsafe operator tokenize with TOKEN_PARSE flag fails).
XML:
XmlParser opaque object renamed to XMLParser for consistency with other XML objects.
Zlib:
Fixed bug #48725 (Support for flushing in zlib stream).