PHP 8 ChangeLog

8.2 | 8.1 | 8.0

Version 8.2.5

  • Core:
    • Added optional support for max_execution_time in ZTS/Linux builds (Kévin Dunglas)
    • Fixed use-after-free in recursive AST evaluation.
    • Fixed bug GH-8646 (Memory leak PHP FPM 8.1).
    • Re-add some CTE functions that were removed from being CTE by a mistake.
    • Remove CTE flag from array_diff_ukey(), which was added by mistake.
    • Fixed bug GH-10801 (Named arguments in CTE functions cause a segfault).
    • Fixed bug GH-8789 (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on apache).
    • Fixed bug GH-10015 (zend_signal_handler_defer crashes on apache shutdown).
    • Fixed bug GH-10810 (Fix NUL byte terminating Exception::__toString()).
    • Fix potential memory corruption when mixing __callStatic() and FFI.
  • Date:
    • Fixed bug GH-10747 (Private and protected properties in serialized Date* objects throw).
  • FPM:
    • Fixed bug GH-10611 (fpm_env_init_main leaks environ).
    • Destroy file_handle in fpm_main.
    • Fixed bug #74129 (Incorrect SCRIPT_NAME with apache ProxyPassMatch when spaces are in path).
  • FTP:
    • Propagate success status of ftp_close().
    • Fixed bug GH-10521 (ftp_get/ftp_nb_get resumepos offset is maximum 10GB).
  • IMAP:
    • Fix build failure with Clang 16.
  • MySQLnd:
    • Fixed bug GH-8979 (Possible Memory Leak with SSL-enabled MySQL connections).
  • Opcache:
    • Fixed build for macOS to cater with pkg-config settings.
    • Fixed bug GH-8065 (opcache.consistency_checks > 0 causes segfaults in PHP >= 8.1.5 in fpm context).
  • OpenSSL:
    • Add missing error checks on file writing functions.
  • PDO Firebird:
    • Fixed bug GH-10908 (Bus error with PDO Firebird on RPI with 64 bit kernel and 32 bit userland).
  • Phar:
    • Fixed bug GH-10766 (PharData archive created with Phar::Zip format does not keep files metadata (datetime)).
    • Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit().
  • PDO ODBC:
    • Fixed missing and inconsistent error checks on SQLAllocHandle.
  • PGSQL:
    • Fixed typo in the array returned from pg_meta_data (extended mode).
  • SPL:
    • Fixed bug GH-10519 (Array Data Address Reference Issue).
    • Fixed bug GH-10907 (Unable to serialize processed SplFixedArrays in PHP 8.2.4).
    • Fixed bug GH-10844 (ArrayIterator allows modification of readonly props).
  • Standard:
    • Fixed bug GH-10885 (stream_socket_server context leaks).
    • Fixed bug GH-10052 (Browscap crashes PHP 8.1.12 on request shutdown (apache2)).
    • Fixed oss-fuzz #57392 (Buffer-overflow in php_fgetcsv() with \0 delimiter and enclosure).
    • Fixed undefined behaviour in unpack().

Version 8.2.4

  • Core:
    • Fixed incorrect check condition in ZEND_YIELD.
    • Fixed incorrect check condition in type inference.
    • Fix incorrect check in zend_internal_call_should_throw().
    • Fixed overflow check in OnUpdateMemoryConsumption.
    • Fixed bug GH-9916 (Entering shutdown sequence with a fiber suspended in a Generator emits an unavoidable fatal error or crashes).
    • Fixed bug GH-10437 (Segfault/assertion when using fibers in shutdown function after bailout).
    • Fixed SSA object type update for compound assignment opcodes.
    • Fixed language scanner generation build.
    • Fixed zend_update_static_property() calling zend_update_static_property_ex() misleadingly with the wrong return type.
    • Fix bug GH-10570 (Fixed unknown string hash on property fetch with integer constant name).
    • Fixed php_fopen_primary_script() call resulted on zend_destroy_file_handle() freeing dangling pointers on the handle as it was uninitialized.
  • Curl:
    • Fixed deprecation warning at compile time.
    • Fixed bug GH-10270 (Unable to return CURL_READFUNC_PAUSE in readfunc callback).
  • Date:
    • Fix GH-10447 ('p' format specifier does not yield 'Z' for 00:00).
    • Fix GH-10152 (Custom properties of Date's child classes are not serialised).
    • Fixed bug GH-10747 (Private and protected properties in serialized Date* objects throw).
  • FFI:
    • Fixed incorrect bitshifting and masking in ffi bitfield.
  • Fiber:
    • Fixed assembly on alpine x86.
    • Fixed bug GH-10496 (segfault when garbage collector is invoked inside of fiber).
  • FPM:
    • Fixed bug GH-10315 (FPM unknown child alert not valid).
    • Fixed bug GH-10385 (FPM successful config test early exit).
  • GMP:
    • Properly implement GMP::__construct().
  • Intl:
    • Fixed bug GH-10647 (Spoolchecker isSuspicious/areConfusable methods error code's argument always returning NULL0.
  • JSON:
    • Fixed JSON scanner and parser generation build.
  • MBString:
    • ext/mbstring: fix new_value length check.
    • Fix bug GH-10627 (mb_convert_encoding crashes PHP on Windows).
  • Opcache:
    • Fix incorrect page_size check.
  • OpenSSL:
    • Fixed php_openssl_set_server_dh_param() DH params errors handling.
  • PDO OCI:
    • Fixed bug #60994 (Reading a multibyte CLOB caps at 8192 chars).
  • PHPDBG:
    • Fixed bug GH-10715 (heap buffer overflow on --run option misuse).
  • PGSQL:
    • Fix GH-10672 (pg_lo_open segfaults in the strict_types mode).
  • Phar:
    • Fix incorrect check in phar tar parsing.
  • Random:
    • Fix GH-10390 (Do not trust arc4random_buf() on glibc).
    • Fix GH-10292 (Made the default value of the first param of srand() and mt_srand() unknown).
  • Reflection:
    • Fixed bug GH-10623 (Reflection::getClosureUsedVariables opcode fix with variadic arguments).
    • Fix Segfault when using ReflectionFiber suspended by an internal function.
  • Session:
    • Fixed ps_files_cleanup_dir() on failure code paths with -1 instead of 0 as the latter was considered success by callers. (nielsdos).
  • Standard:
    • Fixed bug GH-8086 (Introduce mail.mixed_lf_and_crlf INI).
    • Fixed bug GH-10292 (Made the default value of the first param of srand() and mt_srand() unknown).
    • Fix incorrect check in cs_8559_5 in map_from_unicode().
    • Fix bug GH-9697 for reset/end/next/prev() attempting to move pointer of properties table for certain internal classes such as FFI classes
    • Fix incorrect error check in browsecap for pcre2_match().
  • Streams:
    • Fixed bug GH-10370 (File corruption in _php_stream_copy_to_stream_ex when using copy_file_range).
    • Fixed bug GH-10548 (copy() fails on cifs mounts because of incorrect copy_file_range() len).
  • Tidy:
    • Fix memory leaks when attempting to open a non-existing file or a file over 4GB.
    • Add missing error check on tidyLoadConfig.
  • Zlib:
    • Fixed output_handler directive value's length which counted the string terminator.

Version 8.2.3

  • Core:
    • Fixed bug #81744 (Password_verify() always return true with some hash). (CVE-2023-0567)
    • Fixed bug #81746 (1-byte array overrun in common path resolve code). (CVE-2023-0568)
  • SAPI:
    • Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)

Version 8.2.2

  • Core:
    • Fixed bug GH-10200 (zif_get_object_vars: Assertion `!(((__ht)->u.flags & (1<<2)) != 0)' failed).
    • Fix GH-10251 (Assertion `(flag & (1<<3)) == 0' failed).
    • Fix GH-10240 (Assertion failure when adding more than 2**30 elements to an unpacked array).
    • Fix GH-9735 (Fiber stack variables do not participate in cycle collector).
    • Fix GH-9675 (Broken run_time_cache init for internal enum methods).
  • FPM:
    • Fixed bug #77106 (Missing separator in FPM FastCGI errors).
    • Fixed bug GH-9981 (FPM does not reset fastcgi.error_header).
    • Fixed bug #68591 (Configuration test does not perform UID lookups).
    • Fixed memory leak when running FPM config test.
    • Fixed bug #67244 (Wrong owner:group for listening unix socket).
  • Hash:
    • Handle exceptions from __toString in XXH3's initialization (nielsdos)
  • LDAP:
    • Fixed bug GH-10112 (LDAP\Connection::__construct() refers to ldap_create()).
  • Opcache:
    • Fix inverted bailout value in zend_runtime_jit() (Max Kellermann).
    • Fix access to uninitialized variable in accel_preload().
    • Fix zend_jit_find_trace() crashes.
    • Added missing lock for EXIT_INVALIDATE in zend_jit_trace_exit.
  • Phar:
    • Fix wrong flags check for compression method in phar_object.c (nielsdos)
  • PHPDBG:
    • Fix undefined behaviour in phpdbg_load_module_or_extension().
    • Fix NULL pointer dereference in phpdbg_create_conditional_breal().
    • Fix GH-9710: phpdbg memory leaks by option "-h" (nielsdos)
    • Fix phpdbg segmentation fault in case of malformed input (nielsdos)
  • Posix:
    • Fix memory leak in posix_ttyname() (girgias)
  • Random:
    • Fixed bug GH-10247 (Theoretical file descriptor leak for /dev/urandom).
  • Standard:
    • Fix GH-10187 (Segfault in stripslashes() with arm64).
    • Fixed bug GH-10214 (Incomplete validation of object syntax during unserialize()).
    • Fix substr_replace with slots in repl_ht being UNDEF.
  • XMLWriter:
    • Fix missing check for xmlTextWriterEndElement (nielsdos)

Version 8.2.1

  • Core:
    • Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
    • Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file).
    • Fixed bug GH-9890 (OpenSSL legacy providers not available on Windows).
    • Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]).
    • Fixed potentially undefined behavior in Windows ftok(3) emulation.
    • Fixed GH-9769 (Misleading error message for unpacking of objects).
  • Apache:
    • Fixed bug GH-9949 (Partial content on incomplete POST request).
  • FPM:
    • Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug #66694).
    • Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING).
    • Fixed bug #80669 (FPM numeric user fails to set groups).
    • Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said).
  • Imap:
    • Fixed bug GH-10051 (IMAP: there's no way to check if a IMAP\Connection is still open).
  • MBString:
    • Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1).
  • Opcache:
    • Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
  • OpenSSL:
    • Fixed bug GH-9997 (OpenSSL engine clean up segfault).
    • Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec).
    • Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa).
  • Pcntl:
    • Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
  • PDO_Firebird:
    • Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
  • PDO/SQLite:
    • Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
  • Session:
    • Fixed GH-9932 (session name silently fails with . and [).
  • SPL:
    • Fixed GH-9883 (SplFileObject::__toString() reads next line).
    • Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered).
  • SQLite3:
    • Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI).
  • TSRM:
    • Fixed Windows shmget() wrt. IPC_PRIVATE.

Version 8.2.0

  • CLI:
    • Fixed bug #81496 (Server logs incorrect request method).
    • Updated the mime-type table for the builtin-server.
    • Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable.
    • Fixed GH-8575 by changing STDOUT, STDERR and STDIN to not close on resource destruction.
    • Implement built-in web server responding without body to HEAD request on a static resource.
    • Implement built-in web server responding with HTTP status 405 to DELETE/PUT/PATCH request on a static resource.
    • Fixed bug GH-9709 (Null pointer dereference with -w/-s options).
  • COM:
    • Fixed bug GH-8750 (Can not create VT_ERROR variant type).
  • Core:
    • Fixed bug #81380 (Observer may not be initialized properly).
    • Fixed bug GH-7771 (Fix filename/lineno of constant expressions).
    • Fixed bug GH-7792 (Improve class type in error messages).
    • Support huge pages on MacOS.
    • Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1 references).
    • Fixed bug GH-8661 (Nullsafe in coalesce triggers undefined variable warning).
    • Fixed bug GH-7821 and GH-8418 (Allow arbitrary const expressions in backed enums).
    • Fixed bug GH-8810 (Incorrect lineno in backtrace of multi-line function calls).
    • Optimised code path for newly created file with the stream plain wrapper.
    • Uses safe_perealloc instead of perealloc for the ZEND_PTR_STACK_RESIZE_IF_NEEDED to avoid possible overflows.
    • Reduced the memory footprint of strings returned by var_export(), json_encode(), serialize(), iconv_*(), mb_ereg*(), session_create_id(), http_build_query(), strstr(), Reflection*::__toString().
    • Fixed bug GH-8995 (WeakMap object reference offset causing TypeError).
    • Added error_log_mode ini setting.
    • Updated request startup messages.
    • Fixed bug GH-7900 (Arrow function with never return type compile-time errors).
    • Fixed incorrect double to long casting in latest clang.
    • Added support for defining constants in traits.
    • Stop incorrectly emitting false positive deprecation notice alongside unsupported syntax fatal error for `"{$g{'h'}}"`.
    • Fix unexpected deprecated dynamic property warning, which occurred when exit() in finally block after an exception was thrown without catching.
    • Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)
    • Fixed bug GH-9227 (Trailing dots and spaces in filenames are ignored).
    • Fixed bug GH-9285 (Traits cannot be used in readonly classes).
    • Fixed bug GH-9186 (@strict-properties can be bypassed using unserialization).
    • Fixed bug GH-9500 (Using dnf type with parentheses after readonly keyword results in a parse error).
    • Fixed bug GH-9516 ((A&B)|D as a param should allow AB or D. Not just A).
    • Fixed observer class notify with Opcache file_cache_only=1.
    • Fixes segfault with Fiber on FreeBSD i386 architecture.
    • Fixed bug GH-9655 (Pure intersection types cannot be implicitly nullable) (Girgias)
    • Fixed bug GH-9589 (dl() segfaults when module is already loaded).
    • Fixed bug GH-9752 (Generator crashes when interrupted during argument evaluation with extra named params).
    • Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during initialization).
    • Fixed a bug with preloaded enums possibly segfaulting.
    • Fixed bug GH-9823 (Don’t reset func in zend_closure_internal_handler).
    • Fixed potential NULL pointer dereference Windows shm*() functions.
    • Fix target validation for internal attributes with constructor property promotion.
    • Fixed bug GH-9750 (Generator memory leak when interrupted during argument evaluation.
    • Move observer_declared_function_notify until after pass_two().
    • Do not report MINIT stage internal class aliases in extensions.
  • Curl:
    • Added support for CURLOPT_XFERINFOFUNCTION.
    • Added support for CURLOPT_MAXFILESIZE_LARGE.
    • Added new constants from cURL 7.62 to 7.80.
    • New function curl_upkeep().
  • Date:
    • Fixed GH-8458 (DateInterval::createFromDateString does not throw if non-relative items are present).
    • Fixed bug #52015 (Allow including end date in DatePeriod iterations) (Daniel Egeberg, Derick)
    • idate() now accepts format specifiers "N" (ISO Day-of-Week) and "o" (ISO Year).
    • Fixed bug GH-8730 (DateTime::diff miscalculation is same time zone of different type).
    • Fixed bug GH-8964 (DateTime object comparison after applying delta less than 1 second).
    • Fixed bug GH-9106 (DateInterval 1.5s added to DateTimeInterface is rounded down since PHP 8.1.0).
    • Fixed bug #75035 (Datetime fails to unserialize "extreme" dates).
    • Fixed bug #80483 (DateTime Object with 5-digit year can't unserialized).
    • Fixed bug #81263 (Wrong result from DateTimeImmutable::diff).
    • Fixed bug GH-9431 (DateTime::getLastErrors() not returning false when no errors/warnings).
    • Fixed bug with parsing large negative numbers with the @ notation.
  • DBA:
    • Fixed LMDB driver hanging when attempting to delete a non-existing key (Girgias)
    • Fixed LMDB driver memory leak on DB creation failure (Girgias)
    • Fixed GH-8856 (dba: lmdb: allow to override the MDB_NOSUBDIR flag).
  • FFI:
    • Fixed bug GH-9090 (Support assigning function pointers in FFI).
  • Fileinfo:
    • Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files).
  • Filter:
    • Added FILTER_FLAG_GLOBAL_RANGE to filter Global IPs.
  • FPM:
    • Emit error for invalid port setting.
    • Added extra check for FPM proc dumpable on SELinux based systems.
    • Added support for listening queue on macOS.
    • Changed default for listen.backlog on Linux to -1.
    • Added listen.setfib pool option to set route FIB on FreeBSD.
    • Added access.suppress_path pool option to filter access log entries.
    • Fixed on fpm scoreboard occasional warning on acquisition failure.
    • Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running php-fpm 8.1.11).
  • FTP:
    • Fix datetime format string to follow POSIX spec in ftp_mdtm().
  • GD:
    • Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)
  • GMP:
    • Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()).
  • Hash:
    • Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)
  • Intl:
    • Update all grandfathered language tags with preferred values
    • Fixed GH-7939 (Cannot unserialize IntlTimeZone objects).
    • Fixed build for ICU 69.x and onwards.
    • Declared Transliterator::$id as readonly to unlock subclassing it.
    • Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter).
  • MBString:
    • Fixed bug GH-9248 (Segmentation fault in mb_strimwidth()).
  • mysqli:
    • Fixed bug GH-9841 (mysqli_query throws warning despite using silenced error mode).
  • MySQLnd:
    • Fixed potential heap corruption due to alignment mismatch.
  • OCI8:
    • Added oci8.prefetch_lob_size directive to tune LOB query performance
    • Support for building against Oracle Client libraries 10.1 and 10.2 has been dropped. Oracle Client libraries 11.2 or newer are now required.
  • ODBC:
    • Fixed bug GH-8300 (User input not escaped when building connection string).
    • Fixed bug GH-9347 (Current ODBC liveness checks may be inadequate).
  • Opcache:
    • Allocate JIT buffer close to PHP .text segemnt to allow using direct IP-relative calls and jumps.
    • Added initial support for JIT performance profiling generation for macOs Instrument.
    • Fixed bug GH-8030 (Segfault with JIT and large match/switch statements).
    • Added JIT support improvement for macOs for segments and executable permission bit handling.
    • Added JIT buffer allocation near the .text section on FreeNSD.
    • Fixed bug GH-9371 (Crash with JIT on mac arm64) (jdp1024/David Carlier)
    • Fixed bug GH-9259 (opcache.interned_strings_buffer setting integer overflow).
    • Added indirect call reduction for jit on x86 architectures.
    • Fixed bug GH-9164 (Segfault in zend_accel_class_hash_copy).
    • Fix opcache preload with observers enabled.
  • OpenSSL:
    • Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT.
    • Fixed bug GH-9310 (SSL local_cert and local_pk do not respect open_basedir).
    • Implement FR #76935 ("chacha20-poly1305" is an AEAD but does not work like AEAD).
    • Added openssl_cipher_key_length function.
    • Fixed bug GH-9517 (Compilation error openssl extension related to PR GH-9366).
    • Fixed missing clean up of OpenSSL engine list - attempt to fix GH-8620.
    • Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does not build).
  • PCNTL:
    • Fixed pcntl_(get|set)priority error handling for MacOS.
  • PCRE:
    • Implemented FR #77726 (Allow null character in regex patterns).
    • Updated bundled libpcre to 10.40.
  • PDO:
    • Fixed bug GH-9818 (Initialize run time cache in PDO methods).
  • PDO_Firebird:
    • Fixed bug GH-8576 (Bad interpretation of length when char is UTF-8).
  • PDO_ODBC:
    • Fixed bug #80909 (crash with persistent connections in PDO_ODBC).
    • Fixed bug GH-8300 (User input not escaped when building connection string).
    • Fixed bug GH-9347 (Current ODBC liveness checks may be inadequate).
    • Fixed bug GH-9372 (HY010 when binding overlong parameter).
  • PDO_PGSQL:
    • Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed).
  • Random:
    • Added new random extension.
    • Fixed bug GH-9067 (random extension is not thread safe).
    • Fixed bug GH-9055 (segmentation fault if user engine throws).
    • Fixed bug GH-9066 (signed integer overflow).
    • Fixed bug GH-9083 (undefined behavior during shifting).
    • Fixed bug GH-9088, GH-9056 (incorrect expansion of bytes when generating uniform integers within a given range).
    • Fixed bug GH-9089 (Fix memory leak on Randomizer::__construct() call twice).
    • Fixed bug GH-9212 (PcgOneseq128XslRr64::jump() should not allow negative $advance).
    • Changed Mt19937 to throw a ValueError instead of InvalidArgumentException for invalid $mode.
    • Splitted Random\Randomizer::getInt() (without arguments) to Random\Randomizer::nextInt().
    • Fixed bug GH-9235 (non-existant $sequence parameter in stub for PcgOneseq128XslRr64::__construct()).
    • Fixed bug GH-9190, GH-9191 (undefined behavior for MT_RAND_PHP when handling large ranges).
    • Fixed bug GH-9249 (Xoshiro256StarStar does not reject the invalid all-zero state).
    • Removed redundant RuntimeExceptions from Randomizer methods. The exceptions thrown by the engines will be exposed directly.
    • Added extension specific Exceptions/Errors (RandomException, RandomError, BrokenRandomEngineError).
    • Fixed bug GH-9415 (Randomizer::getInt(0, 2**32 - 1) with Mt19937 always returns 1).
    • Fixed Randomizer::getInt() consistency for 32-bit engines.
    • Fixed bug GH-9464 (build on older macOs releases).
    • Fixed bug GH-9839 (Pre-PHP 8.2 output compatibility for non-mt_rand() functions for MT_RAND_PHP).
  • Reflection:
    • Added ReflectionFunction::isAnonymous().
    • Added ReflectionMethod::hasPrototype().
    • Narrow ReflectionEnum::getBackingType() return type to ReflectionNamedType.
    • Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure).
  • Session:
    • Fixed bug GH-7787 (Improve session write failure message for user error handlers).
    • Fixed GH-9200 (setcookie has an obsolete expires date format).
    • Fixed GH-9584 (Avoid memory corruption when not unregistering custom session handler).
    • Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method).
  • SOAP:
    • Fixed bug GH-9720 (Null pointer dereference while serializing the response).
  • Sockets:
    • Added TCP_NOTSENT_LOWAT socket option.
    • Added SO_MEMINFO socket option.
    • Added SO_RTABLE socket option (OpenBSD), equivalent of SO_MARK (Linux).
    • Added TCP_KEEPALIVE, TCP_KEEPIDLE, TCP_KEEPINTVL, TCP_KEEPCNT socket options.
    • Added ancillary data support for FreeBSD.
    • Added ancillary data support for NetBSD.
    • Added SO_BPF_EXTENSIONS socket option.
    • Added SO_SETFIB socket option.
    • Added TCP_CONGESTION socket option.
    • Added SO_ZEROCOPY/MSG_ZEROCOPY options.
    • Added SOL_FILTER socket option for Solaris.
    • Fixed socket constants regression as of PHP 8.2.0beta3.
  • Sodium:
    • Added sodium_crypto_stream_xchacha20_xor_ic().
  • SPL:
    • Uses safe_erealloc instead of erealloc to handle heap growth for the SplHeap::insert method to avoid possible overflows.
    • Widen iterator_to_array() and iterator_count()'s $iterator parameter to iterable.
    • Fixed bug #69181 (READ_CSV|DROP_NEW_LINE drops newlines within fields).
    • Fixed bug #65069 (GlobIterator incorrect handling of open_basedir check).
  • SQLite3:
    • Changed sqlite3.defensive from PHP_INI_SYSTEM to PHP_INI_USER.
  • Standard:
    • net_get_interfaces() also reports wireless network interfaces on Windows.
    • Finished AVIF support in getimagesize().
    • Fixed bug GH-7847 (stripos with large haystack has bad performance).
    • New function memory_reset_peak_usage().
    • Fixed parse_url(): can not recognize port without scheme.
    • Deprecated utf8_encode() and utf8_decode().
    • Fixed the crypt_sha256/512 api build with clang > 12.
    • Uses safe_erealloc instead of erealloc to handle options in getopt to avoid possible overflows.
    • Implemented FR GH-8924 (str_split should return empty array for empty string).
    • Added ini_parse_quantity function to convert ini quantities shorthand notation to int.
    • Enable arc4random_buf for Linux glibc 2.36 and onwards for the random_bytes.
    • Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier).
    • Fixed bug #65489 (glob() basedir check is inconsistent).
    • Fixed GH-9200 (setcookie has an obsolete expires date format).
    • Fixed GH-9244 (Segfault with array_multisort + array_shift).
    • Fixed bug GH-9296 (`ksort` behaves incorrectly on arrays with mixed keys).
    • Marked crypt()'s $string parameter as #[\SensitiveParameter].
    • Fixed bug GH-9464 (build on older macOs releases).
    • Fixed bug GH-9518 (Disabling IPv6 support disables unrelated constants).
    • Revert "Fixed parse_url(): can not recognize port without scheme." (andypost)
    • Fix crash reading module_entry after DL_UNLOAD() when module already loaded.
  • Streams:
    • Set IP_BIND_ADDRESS_NO_PORT if available when connecting to remote host.
    • Fixed bug GH-8548 (stream_wrapper_unregister() leaks memory).
    • Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT.
    • Fixed bug GH-9316 ($http_response_header is wrong for long status line).
    • Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set).
    • Fixed bug GH-9653 (file copy between different filesystems).
    • Fixed bug GH-9779 (stream_copy_to_stream fails if dest in append mode).
  • Windows:
    • Added preliminary support for (cross-)building for ARM64.
  • XML:
    • Added libxml_get_external_entity_loader() function.
  • Zip:
    • add ZipArchive::clearError() method
    • add ZipArchive::getStreamName() method
    • add ZipArchive::getStreamIndex() method
    • On Windows, the Zip extension is now built as shared library (DLL) by default.
    • Implement fseek for zip stream when possible with libzip 1.9.1.

Version 8.1.18

  • Core:
    • Added optional support for max_execution_time in ZTS/Linux builds.
    • Fixed use-after-free in recursive AST evaluation.
    • Fixed bug GH-8646 (Memory leak PHP FPM 8.1).
    • Fixed bug GH-10801 (Named arguments in CTE functions cause a segfault).
    • Fixed bug GH-8789 (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on apache).
    • Fixed bug GH-10015 (zend_signal_handler_defer crashes on apache shutdown).
    • Fixed bug GH-10810 (Fix NUL byte terminating Exception::__toString()).
    • Fix potential memory corruption when mixing __callStatic() and FFI.
  • Date:
    • Fixed bug GH-10583 (DateTime modify with tz pattern should not update linked timezone).
  • FPM:
    • Fixed bug GH-10611 (fpm_env_init_main leaks environ).
    • Destroy file_handle in fpm_main.
    • Fixed bug #74129 (Incorrect SCRIPT_NAME with apache ProxyPassMatch when spaces are in path).
  • FTP:
    • Propagate success status of ftp_close().
    • Fixed bug GH-10521 (ftp_get/ftp_nb_get resumepos offset is maximum 10GB).
  • IMAP:
    • Fix build failure with Clang 16.
  • MySQLnd:
    • Fixed bug GH-8979 (Possible Memory Leak with SSL-enabled MySQL connections).
  • Opcache:
    • Fixed build for macOS to cater with pkg-config settings.
    • Fixed bug GH-8065 (opcache.consistency_checks > 0 causes segfaults in PHP >= 8.1.5 in fpm context).
  • OpenSSL:
    • Add missing error checks on file writing functions.
  • PDO Firebird:
    • Fixed bug GH-10908 (Bus error with PDO Firebird on RPI with 64 bit kernel and 32 bit userland).
  • PDO ODBC:
    • Fixed missing and inconsistent error checks on SQLAllocHandle.
  • Phar:
    • Fixed bug GH-10766 (PharData archive created with Phar::Zip format does not keep files metadata (datetime)).
    • Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit().
  • PGSQL:
    • Fixed typo in the array returned from pg_meta_data (extended mode).
  • SPL:
    • Fixed bug GH-10519 (Array Data Address Reference Issue).
    • Fixed bug GH-10844 (ArrayIterator allows modification of readonly props).
  • Standard:
    • Fixed bug GH-10885 (stream_socket_server context leaks).
    • Fixed bug GH-10052 (Browscap crashes PHP 8.1.12 on request shutdown (apache2)).
    • Fixed oss-fuzz #57392 (Buffer-overflow in php_fgetcsv() with \0 delimiter and enclosure).
    • Fixed undefined behaviour in unpack().

Version 8.1.17

  • Core:
    • Fixed incorrect check condition in ZEND_YIELD.
    • Fixed incorrect check condition in type inference.
    • Fixed overflow check in OnUpdateMemoryConsumption.
    • Fixed bug GH-9916 (Entering shutdown sequence with a fiber suspended in a Generator emits an unavoidable fatal error or crashes).
    • Fixed bug GH-10437 (Segfault/assertion when using fibers in shutdown function after bailout).
    • Fixed SSA object type update for compound assignment opcodes.
    • Fixed language scanner generation build.
    • Fixed zend_update_static_property() calling zend_update_static_property_ex() misleadingly with the wrong return type.
    • Fix bug GH-10570 (Fixed unknown string hash on property fetch with integer constant name).
    • Fixed php_fopen_primary_script() call resulted on zend_destroy_file_handle() freeing dangling pointers on the handle as it was uninitialized.
  • Curl:
    • Fixed deprecation warning at compile time.
    • Fixed bug GH-10270 (Unable to return CURL_READFUNC_PAUSE in readfunc callback).
  • Date:
    • Fix GH-10447 ('p' format specifier does not yield 'Z' for 00:00).
  • FFI:
    • Fixed incorrect bitshifting and masking in ffi bitfield.
  • Fiber:
    • Fixed assembly on alpine x86.
    • Fixed bug GH-10496 (segfault when garbage collector is invoked inside of fiber).
  • FPM:
    • Fixed bug GH-10315 (FPM unknown child alert not valid).
    • Fixed bug GH-10385 (FPM successful config test early exit).
  • Intl:
    • Fixed bug GH-10647 (Spoolchecker isSuspicious/areConfusable methods error code's argument always returning NULL0.
  • JSON:
    • Fixed JSON scanner and parser generation build.
  • MBString:
    • ext/mbstring: fix new_value length check.
    • Fix bug GH-10627 (mb_convert_encoding crashes PHP on Windows).
  • Opcache:
    • Fix incorrect page_size check.
  • OpenSSL:
    • Fixed php_openssl_set_server_dh_param() DH params errors handling.
  • PDO OCI:
    • Fixed bug #60994 (Reading a multibyte CLOB caps at 8192 chars).
  • PHPDBG:
    • Fixed bug GH-10715 (heap buffer overflow on --run option misuse).
  • PGSQL:
    • Fix GH-10672 (pg_lo_open segfaults in the strict_types mode).
  • Phar:
    • Fix incorrect check in phar tar parsing.
  • Reflection:
    • Fixed bug GH-10623 (Reflection::getClosureUsedVariables opcode fix with variadic arguments).
    • Fix Segfault when using ReflectionFiber suspended by an internal function.
  • Session:
    • Fixed ps_files_cleanup_dir() on failure code paths with -1 instead of 0 as the latter was considered success by callers. (nielsdos).
  • Standard:
    • Fixed bug GH-10292 (Made the default value of the first param of srand() and mt_srand() unknown).
    • Fix incorrect check in cs_8559_5 in map_from_unicode().
    • Fix bug GH-9697 for reset/end/next/prev() attempting to move pointer of properties table for certain internal classes such as FFI classes
    • Fix incorrect error check in browsecap for pcre2_match().
  • Tidy:
    • Fix memory leaks when attempting to open a non-existing file or a file over 4GB.
    • Add missing error check on tidyLoadConfig.
  • Zlib:
    • Fixed output_handler directive value's length which counted the string terminator.

Version 8.1.16

  • Core:
    • Fixed bug #81744 (Password_verify() always return true with some hash).
    • Fixed bug #81746 (1-byte array overrun in common path resolve code).
  • SAPI:
    • Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)

Version 8.1.15

  • Apache:
    • Fixed bug GH-9949 (Partial content on incomplete POST request).
  • Core:
    • Fixed bug GH-10072 (PHP crashes when execute_ex is overridden and a __call trampoline is used from internal code).
    • Fix GH-10251 (Assertion `(flag & (1<<3)) == 0' failed).
    • Fix wrong comparison in block optimisation pass after opcode update.
  • Date:
    • Fixed bug GH-9891 (DateTime modify with unixtimestamp (@) must work like setTimestamp).
    • Fixed bug GH-10218 (DateTimeZone fails to parse time zones that contain the "+" character).
  • Fiber:
    • Fix assertion on stack allocation size.
  • FPM:
    • Fixed bug GH-9981 (FPM does not reset fastcgi.error_header).
    • Fixed bug #67244 (Wrong owner:group for listening unix socket).
  • Hash:
    • Handle exceptions from __toString in XXH3's initialization (nielsdos)
  • LDAP:
    • Fixed bug GH-10112 (LDAP\Connection::__construct() refers to ldap_create()).
  • MBString:
    • Fixed: mb_strlen (and a couple of other mbstring functions) would wrongly treat 0x80, 0xFD, 0xFE, 0xFF, and certain other byte values as the first byte of a 2-byte SJIS character.
  • Opcache:
    • Fix inverted bailout value in zend_runtime_jit() (Max Kellermann).
    • Fix access to uninitialized variable in accel_preload().
    • Fix zend_jit_find_trace() crashes.
    • Added missing lock for EXIT_INVALIDATE in zend_jit_trace_exit.
  • Phar:
    • Fix wrong flags check for compression method in phar_object.c (nielsdos)
  • PHPDBG:
    • Fix undefined behaviour in phpdbg_load_module_or_extension().
    • Fix NULL pointer dereference in phpdbg_create_conditional_breal().
    • Fix GH-9710: phpdbg memory leaks by option "-h" (nielsdos)
    • Fix phpdbg segmentation fault in case of malformed input (nielsdos)
  • Posix:
    • Fix memory leak in posix_ttyname() (girgias)
  • Standard:
    • Fix GH-10187 (Segfault in stripslashes() with arm64).
    • Fix substr_replace with slots in repl_ht being UNDEF.
  • TSRM:
    • Fixed Windows shmget() wrt. IPC_PRIVATE.
  • XMLWriter:
    • Fix missing check for xmlTextWriterEndElement (nielsdos)

Version 8.1.14

  • Core:
    • Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
    • Fixed bug GH-9918 (License information for xxHash is not included in README.REDIST.BINS file).
    • Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]).
    • Fixed potentially undefined behavior in Windows ftok(3) emulation.
  • Date:
    • Fixed bug GH-9699 (DateTimeImmutable::diff differences in 8.1.10 onwards - timezone related).
    • Fixed bug GH-9700 (DateTime::createFromFormat: Parsing TZID string is too greedy).
    • Fixed bug GH-9866 (Time zone bug with \DateTimeInterface::diff()).
    • Fixed bug GH-9880 (DateTime diff returns wrong sign on day count when using a timezone).
  • FPM:
    • Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug #66694).
    • Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING).
    • Fixed bug GH-8517 (Random crash of FPM master process in fpm_stdio_child_said).
  • MBString:
    • Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in PHP8.1).
  • Opcache:
    • Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
  • OpenSSL:
    • Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec).
    • Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with no-dsa).
  • Pcntl:
    • Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
  • PDO_Firebird:
    • Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
  • PDO/SQLite:
    • Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
  • Session:
    • Fixed GH-9932 (session name silently fails with . and [).
  • SPL:
    • Fixed GH-9883 (SplFileObject::__toString() reads next line).
    • Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be unregistered).
  • SQLite3:
    • Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI).

Version 8.1.13

  • CLI:
    • Fixed bug GH-9709 (Null pointer dereference with -w/-s options).
  • Core:
    • Fixed bug GH-9752 (Generator crashes when interrupted during argument evaluation with extra named params).
    • Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during initialization).
    • Fixed potential NULL pointer dereference Windows shm*() functions.
    • Fixed bug GH-9750 (Generator memory leak when interrupted during argument evaluation.
  • Date:
    • Fixed bug GH-9763 (DateTimeZone ctr mishandles input and adds null byte if the argument is an offset larger than 100*60 minutes).
  • FPM:
    • Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running php-fpm 8.1.11).
  • mysqli:
    • Fixed bug GH-9841 (mysqli_query throws warning despite using silenced error mode).
  • MySQLnd:
    • Fixed potential heap corruption due to alignment mismatch.
  • OpenSSL:
    • Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does not build).
  • SOAP:
    • Fixed GH-9720 (Null pointer dereference while serializing the response).

Version 8.1.12

  • Core:
    • Fixes segfault with Fiber on FreeBSD i386 architecture.
  • Fileinfo:
    • Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files).
  • GD:
    • Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)
  • Hash:
    • Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)
  • MBString:
    • Fixed bug GH-9683 (Problem when ISO-2022-JP-MS is specified in mb_ encode_mimeheader).
  • Opcache:
    • Added indirect call reduction for jit on x86 architectures.
  • Session:
    • Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method).
  • Streams:
    • Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set).

Version 8.1.11

  • Core:
    • Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)
    • Fixed bug #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)
    • Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)
    • Fixed bug GH-9361 (Segmentation fault on script exit #9379).
    • Fixed bug GH-9447 (Invalid class FQN emitted by AST dump for new and class constants in constant expressions).
  • DOM:
    • Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free).
  • FPM:
    • Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload).
    • Fixed bug #77780 ("Headers already sent..." when previous connection was aborted).
  • GMP:
    • Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()).
  • Intl:
    • Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter).
  • PCRE:
    • Fixed pcre.jit on Apple Silicon.
  • PDO_PGSQL:
    • Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed).
  • Reflection:
    • Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure).
  • Streams:
    • Fixed bug GH-9316 ($http_response_header is wrong for long status line).

Version 8.1.10

  • Core:
    • Fixed --CGI-- support of run-tests.php.
    • Fixed incorrect double to long casting in latest clang.
    • Fixed bug GH-9266 (GC root buffer keeps growing when dtors are present).
  • Date:
    • Fixed bug GH-8730 (DateTime::diff miscalculation is same time zone of different type).
    • Fixed bug GH-8964 (DateTime object comparison after applying delta less than 1 second).
    • Fixed bug GH-9106: (DateInterval 1.5s added to DateTimeInterface is rounded down since PHP 8.1.0).
    • Fixed bug #81263 (Wrong result from DateTimeImmutable::diff).
  • DBA:
    • Fixed LMDB driver memory leak on DB creation failure.
    • Fixed bug GH-9155 (dba_open("non-existing", "c-", "flatfile") segfaults).
  • IMAP:
    • Fixed bug GH-9309 (Segfault when connection is used after imap_close()).
  • Intl:
    • Fixed IntlDateFormatter::formatObject() parameter type.
  • MBString:
    • Fixed bug GH-9008 (mb_detect_encoding(): wrong results with null $encodings).
  • OPcache:
    • Fixed bug GH-9033 (Loading blacklist file can fail due to negative length).
    • Fixed bug GH-9164 (Segfault in zend_accel_class_hash_copy).
  • PDO_SQLite:
    • Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values).
  • SQLite3:
    • Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values).
  • Streams:
    • Fixed bug GH-8472 (The resource returned by stream_socket_accept may have incorrect metadata).
    • Fixed bug GH-8409 (SSL handshake timeout leaves persistent connections hanging).

Version 8.1.9

  • CLI:
    • Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable.
    • Fixed GH-8952 (Intentionally closing std handles no longer possible).
  • Core:
    • Fixed bug GH-8923 (error_log on Windows can hold the file write lock).
    • Fixed bug GH-8995 (WeakMap object reference offset causing TypeError).
  • Date:
    • Fixed bug #80047 (DatePeriod doesn't warn with custom DateTimeImmutable).
  • FPM:
    • Fixed zlog message prepend, free on incorrect address.
    • Fixed possible double free on configuration loading failure. (Heiko Weber).
  • GD:
    • Fixed bug GH-8848 (imagecopyresized() error refers to the wrong argument).
  • Intl:
    • Fixed build for ICU 69.x and onwards.
  • OPcache:
    • Fixed bug GH-8847 (PHP hanging infinitly at 100% cpu when check php syntax of a valid file).
    • Fixed bug GH-8030 (Segfault with JIT and large match/switch statements).
  • Reflection:
    • Fixed bug GH-8943 (Fixed Reflection::getModifierNames() with readonly modifier).
  • Standard:
    • Fixed the crypt_sha256/512 api build with clang > 12.
    • Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier).
    • Fixed bug GH-9017 (php_stream_sock_open_from_socket could return NULL).

Version 8.1.8

  • Core:
    • Fixed bug GH-8338 (Intel CET is disabled unintentionally).
    • Fixed leak in Enum::from/tryFrom for internal enums when using JIT
    • Fixed calling internal methods with a static return type from extension code.
    • Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1 references).
    • Fixed potential use after free in php_binary_init().
  • CLI:
    • Fixed GH-8827 (Intentionally closing std handles no longer possible).
  • COM:
    • Fixed bug GH-8778 (Integer arithmethic with large number variants fails).
  • Curl:
    • Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.
  • Date:
    • Fixed bug #72963 (Null-byte injection in CreateFromFormat and related functions).
    • Fixed bug #74671 (DST timezone abbreviation has incorrect offset).
    • Fixed bug #77243 (Weekdays are calculated incorrectly for negative years).
    • Fixed bug #78139 (timezone_open accepts invalid timezone string argument).
  • Fileinfo:
    • Fixed bug #81723 (Heap buffer overflow in finfo_buffer). (CVE-2022-31627)
  • FPM:
    • Fixed bug #67764 (fpm: syslog.ident don't work).
  • GD:
    • Fixed imagecreatefromavif() memory leak.
  • MBString:
    • mb_detect_encoding recognizes all letters in Czech alphabet
    • mb_detect_encoding recognizes all letters in Hungarian alphabet
    • Fixed bug GH-8685 (pcre not ready at mbstring startup).
    • Backwards-compatible mappings for 0x5C/0x7E in Shift-JIS are restored, after they had been changed in 8.1.0.
  • ODBC:
    • Fixed handling of single-key connection strings.
  • OPcache:
    • Fixed bug GH-8591 (tracing JIT crash after private instance method change).
  • OpenSSL:
    • Fixed bug #50293 (Several openssl functions ignore the VCWD).
    • Fixed bug #81713 (NULL byte injection in several OpenSSL functions working with certificates).
  • PDO_ODBC:
    • Fixed handling of single-key connection strings.
  • Zip:
    • Fixed bug GH-8781 (ZipArchive::close deletes zip file without updating stat cache).

Version 8.1.7

  • CLI:
    • Fixed bug GH-8575 (CLI closes standard streams too early).
  • Date:
    • Fixed bug #51934 (strtotime plurals / incorrect time).
    • Fixed bug #51987 (Datetime fails to parse an ISO 8601 ordinal date (extended format)).
    • Fixed bug #66019 (DateTime object does not support short ISO 8601 time format - YYYY-MM-DDTHH)
    • Fixed bug #68549 (Timezones and offsets are not properly used when working with dates)
    • Fixed bug #81565 (date parsing fails when provided with timezones including seconds).
    • Fixed bug GH-7758 (Problems with negative timestamps and fractions).
  • FPM:
    • Fixed ACL build check on MacOS.
    • Fixed bug #72185: php-fpm writes empty fcgi record causing nginx 502.
  • mysqlnd:
    • Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
  • OPcache:
    • Fixed bug GH-8461 (tracing JIT crash after function/method change).
  • OpenSSL:
    • Fixed bug #79589 (error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading).
  • Pcntl:
    • Fixed Haiku build.
  • pgsql:
    • Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)
  • Soap:
    • Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor).
    • Fixed bug GH-8538 (SoapClient may strip parts of nmtokens).
  • SPL:
    • Fixed bug GH-8235 (iterator_count() may run indefinitely).
  • Standard:
    • Fixed bug GH-8185 (Crash during unloading of extension after dl() in ZTS).
  • Zip:
    • Fixed type for index in ZipArchive::replaceFile.

Version 8.1.6

  • Core:
    • Fixed bug GH-8310 (Registry settings are no longer recognized).
    • Fixed potential race condition during resource ID allocation.
    • Fixed bug GH-8133 (Preloading of constants containing arrays with enums segfaults).
    • Fixed Haiku ZTS builds.
  • Date:
    • Fixed bug GH-7752 (DateTimeZone::getTransitions() returns insufficient data).
    • Fixed bug GH-8108 (Timezone doesn't work as intended).
    • Fixed bug #81660 (DateTimeZone::getTransitions() returns invalid data).
    • Fixed bug GH-8289 (Exceptions thrown within a yielded from iterator are not rethrown into the generator).
  • FFI:
    • Fixed bug GH-8433 (Assigning function pointers to structs in FFI leaks).
  • FPM:
    • Fixed bug #76003 (FPM /status reports wrong number of active processe).
    • Fixed bug #77023 (FPM cannot shutdown processes).
    • Fixed comment in kqueue remove callback log message.
  • Hash:
    • Fixed bug #81714 (segfault when serializing finalized HashContext).
  • Iconv:
    • Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).
  • Intl:
    • Fixed bug GH-8364 (msgfmt_format $values may not support references).
  • MBString:
    • Number of error markers emitted for invalid UTF-8 text matches WHATWG specification. This is a return to the behavior of PHP 8.0 and earlier.
  • MySQLi:
    • Fixed bug GH-8267 (MySQLi uses unsupported format specifier on Windows).
  • SPL:
    • Fixed bug GH-8366 (ArrayIterator may leak when calling __construct()).
    • Fixed bug GH-8273 (SplFileObject: key() returns wrong value).
  • Streams:
    • Fixed php://temp does not preserve file-position when switched to temporary file.
  • zlib:
    • Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).

Version 8.1.5

  • Core:
    • Fixed bug GH-8176 (Enum values in property initializers leak).
    • Fixed freeing of internal attribute arguments.
    • Fixed bug GH-8070 (memory leak of internal function attribute hash).
    • Fixed bug GH-8160 (ZTS support on Alpine is broken).
  • Filter:
    • Fixed signedness confusion in php_filter_validate_domain().
  • Intl:
    • Fixed bug GH-8115 (Can't catch arg type deprecation when instantiating Intl classes).
    • Fixed bug GH-8142 (Compilation error on cygwin).
    • Fixed bug GH-7734 (Fix IntlPartsIterator key off-by-one error and first key).
  • MBString:
    • Fixed bug GH-8208 (mb_encode_mimeheader: $indent functionality broken).
  • MySQLi:
    • Fixed bug GH-8068 (mysqli_fetch_object creates inaccessible properties).
  • Pcntl:
    • Fixed bug GH-8142 (Compilation error on cygwin).
  • PgSQL:
    • Fixed result_type related stack corruption on LLP64 architectures.
    • Fixed bug GH-8253 (pg_insert() fails for references).
  • Sockets:
    • Fixed Solaris builds.
  • SPL:
    • Fixed bug GH-8121 (SplFileObject - seek and key with csv file inconsistent).
    • Fixed bug GH-8192 (Cannot override DirectoryIterator::current() without return typehint in 8.1).
  • Standard:
    • Fixed bug GH-8048 (Force macOS to use statfs).

Version 8.1.4

  • Core:
    • Fixed Haiku ZTS build.
    • Fixed bug GH-8059 arginfo not regenerated for extension.
    • Fixed bug GH-8083 Segfault when dumping uncalled fake closure with static variables.
    • Fixed bug GH-7958 (Nested CallbackFilterIterator is leaking memory).
    • Fixed bug GH-8074 (Wrong type inference of range() result).
    • Fixed bug GH-8140 (Wrong first class callable by name optimization).
    • Fixed bug GH-8082 (op_arrays with temporary run_time_cache leak memory when observed).
  • GD:
    • Fixed libpng warning when loading interlaced images.
  • FPM:
    • Fixed bug #76109 (Unsafe access to fpm scoreboard).
  • Iconv:
    • Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding).
    • Fixed bug GH-7980 (Unexpected result for iconv_mime_decode).
  • MBString:
    • Fixed bug GH-8128 (mb_check_encoding wrong result for 7bit).
  • MySQLnd:
    • Fixed bug GH-8058 (NULL pointer dereference in mysqlnd package).
  • Reflection:
    • Fixed bug GH-8080 (ReflectionClass::getConstants() depends on def. order).
  • Zlib:
    • Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding).

Version 8.1.3

  • Core:
    • Fixed bug #81430 (Attribute instantiation leaves dangling pointer).
    • Fixed bug GH-7896 (Environment vars may be mangled on Windows).
    • Fixed bug GH-7883 (Segfault when INI file is not readable).
  • FFI:
    • Fixed bug GH-7867 (FFI::cast() from pointer to array is broken).
  • Filter:
    • Fix #81708: UAF due to php_filter_float() failing for ints. (CVE-2021-21708)
  • FPM:
    • Fixed memory leak on invalid port.
    • Fixed bug GH-7842 (Invalid OpenMetrics response format returned by FPM status page.
  • MBString:
    • Fixed bug GH-7902 (mb_send_mail may delimit headers with LF only).
  • MySQLnd:
    • Fixed bug GH-7972 (MariaDB version prefix 5.5.5- is not stripped).
  • pcntl:
    • Fixed pcntl_rfork build for DragonFlyBSD.
  • Sockets:
    • Fixed bug GH-7978 (sockets extension compilation errors).
  • Standard:
    • Fixed bug GH-7899 (Regression in unpack for negative int value).
    • Fixed bug GH-7875 (mails are sent even if failure to log throws exception).

Version 8.1.2

  • Core:
    • Fixed bug #81216 (Nullsafe operator leaks dynamic property name).
    • Fixed bug #81684 (Using null coalesce assignment with $GLOBALS["x"] produces opcode error).
    • Fixed bug #81656 (GCC-11 silently ignores -R).
    • Fixed bug #81683 (Misleading "access type ... must be public" error message on final or abstract interface methods).
    • Fixed bug #81585 (cached_chunks are not counted to real_size on shutdown).
    • Fixed bug GH-7757 (Multi-inherited final constant causes fatal error).
    • Fixed zend_fibers.c build with ZEND_FIBER_UCONTEXT.
    • Added riscv64 support for fibers.
  • Filter:
    • Fixed FILTER_FLAG_NO_RES_RANGE flag.
  • Hash:
    • Fixed bug GH-7759 (Incorrect return types for hash() and hash_hmac()).
    • Fixed bug GH-7826 (Inconsistent argument name in hash_hmac_file and hash_file).
  • MBString:
    • Fixed bug #81693 (mb_check_encoding(7bit) segfaults).
  • MySQLi:
    • Fixed bug #81658 (MYSQL_OPT_LOAD_DATA_LOCAL_DIR not available in MariaDB).
    • Introduced MYSQLI_IS_MARIADB.
    • Fixed bug GH-7746 (mysqli_sql_exception->getSqlState()).
  • MySQLnd:
    • Fixed bug where large bigints may be truncated.
  • OCI8:
    • Fixed bug GH-7765 (php_oci_cleanup_global_handles segfaults at second call).
  • OPcache:
    • Fixed bug #81679 (Tracing JIT crashes on reattaching).
  • Readline:
    • Fixed bug #81598 (Cannot input unicode characters in PHP 8 interactive shell).
  • Reflection:
    • Fixed bug #81681 (ReflectionEnum throwing exceptions).
  • PDO_PGSQL:
    • Fixed error message allocation of PDO PgSQL.
  • Sockets:
    • Avoid void* arithmetic in sockets/multicast.c on NetBSD.
    • Fixed ext/sockets build on Haiku.
  • Spl:
    • Fixed bug #75917 (SplFileObject::seek broken with CSV flags).
    • Fixed bug GH-7809 (Cloning a faked SplFileInfo object may segfault).
  • Standard:
    • Fixed bug GH-7748 (gethostbyaddr outputs binary string).
    • Fixed bug GH-7815 (php_uname doesn't recognise latest Windows versions).

Version 8.1.1

  • IMAP:
    • Fixed bug #81649 (imap_(un)delete accept sequences, not single numbers).
  • PCRE:
    • Update bundled PCRE2 to 10.39.
    • Fixed bug #74604 (Out of bounds in php_pcre_replace_impl).
  • Standard:
    • Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate).

Version 8.1.0

  • Core:
    • Fixed inclusion order for phpize builds on Windows.
    • Added missing hashtable insertion APIs for arr/obj/ref.
    • Implemented FR #77372 (Relative file path is removed from uploaded file).
    • Fixed bug #81607 (CE_CACHE allocation with concurrent access).
    • Fixed bug #81507 (Fiber does not compile on AIX).
    • Fixed bug #78647 (SEGFAULT in zend_do_perform_implementation_check).
    • Fixed bug #81518 (Header injection via default_mimetype / default_charset).
    • Fixed bug #75941 (Fix compile failure on Solaris with clang).
    • Fixed bug #81380 (Observer may not be initialized properly).
    • Fixed bug #81514 (Using Enum as key in WeakMap triggers GC + SegFault).
    • Fixed bug #81520 (TEST_PHP_CGI_EXECUTABLE badly set in run-tests.php).
    • Fixed bug #81377 (unset() of $GLOBALS sub-key yields warning).
    • Fixed bug #81342 (New ampersand token parsing depends on new line after it).
    • Fixed bug #81280 (Unicode characters in cli.prompt causes segfault).
    • Fixed bug #81192 ("Declaration should be compatible with" gives incorrect line number with traits).
    • Fixed bug #78919 (CLI server: insufficient cleanup if request startup fails).
    • Fixed bug #81303 (match error message improvements).
    • Fixed bug #81238 (Fiber support missing for Solaris Sparc).
    • Fixed bug #81237 (Comparison of fake closures doesn't work).
    • Fixed bug #81202 (powerpc64 build fails on fibers).
    • Fixed bug #80072 (Cyclic unserialize in TMPVAR operand may leak).
    • Fixed bug #81163 (__sleep allowed to return non-array).
    • Fixed bug #75474 (function scope static variables are not bound to a unique function).
    • Fixed bug #53826 (__callStatic fired in base class through a parent call if the method is private).
    • Fixed bug #81076 (incorrect debug info on Closures with implicit binds).
  • CLI:
    • Fixed bug #81496 (Server logs incorrect request method).
  • COM:
    • Dispatch using LANG_NEUTRAL instead of LOCALE_SYSTEM_DEFAULT.
  • Curl:
    • Fixed bug #81085 (Support CURLOPT_SSLCERT_BLOB for cert strings).
  • Date:
    • Fixed bug #81458 (Regression Incorrect difference after timezone change).
    • Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
    • Fixed bug #81504 (Incorrect timezone transition details for POSIX data).
    • Fixed bug #80998 (Missing second with inverted interval).
    • Speed up finding timezone offset information.
    • Fixed bug #79580 (date_create_from_format misses leap year).
    • Fixed bug #80963 (DateTimeZone::getTransitions() truncated).
    • Fixed bug #80974 (Wrong diff between 2 dates in different timezones).
    • Fixed bug #80998 (Missing second with inverted interval).
    • Fixed bug #81097 (DateTimeZone silently falls back to UTC when providing an offset with seconds).
    • Fixed bug #81106 (Regression in 8.1: add() now truncate ->f).
    • Fixed bug #81273 (Date interval calculation not correct).
    • Fixed bug #52480 (Incorrect difference using DateInterval).
    • Fixed bug #62326 (date_diff() function returns false result).
    • Fixed bug #64992 (dst not handled past 2038).
    • Fixed bug #65003 (Wrong date diff).
    • Fixed bug #66545 (DateTime. diff returns negative values).
    • Fixed bug #68503 (date_diff on two dates with timezone set localised returns wrong results).
    • Fixed bug #69806 (Incorrect date from timestamp).
    • Fixed bug #71700 (Extra day on diff between begin and end of march 2016).
    • Fixed bug #71826 (DateTime::diff confuse on timezone 'Asia/Tokyo').
    • Fixed bug #73460 (Datetime add not realising it already applied DST change).
    • Fixed bug #74173 (DateTimeImmutable::getTimestamp() triggers DST switch in incorrect time).
    • Fixed bug #74274 (Handling DST transitions correctly).
    • Fixed bug #74524 (Date diff is bad calculated, in same time zone).
    • Fixed bug #75167 (DateTime::add does only care about backward DST transition, not forward).
    • Fixed bug #76032 (DateTime->diff having issues with leap days for timezones ahead of UTC).
    • Fixed bug #76374 (Date difference varies according day time).
    • Fixed bug #77571 (DateTime's diff DateInterval incorrect in timezones from UTC+01:00 to UTC+12:00).
    • Fixed bug #78452 (diff makes wrong in hour for Asia/Tehran).
    • Fixed bug #79452 (DateTime::diff() generates months differently between time zones).
    • Fixed bug #79698 (timelib mishandles future timestamps (triggered by 'zic -b slim')).
    • Fixed bug #79716 (Invalid date time created (with day "00")).
    • Fixed bug #80610 (DateTime calculate wrong with DateInterval).
    • Fixed bug #80664 (DateTime objects behave incorrectly around DST transition).
    • Fixed bug #80913 (DateTime(Immutable)::sub around DST yield incorrect time).
  • DBA:
    • Fixed bug #81588 (TokyoCabinet driver leaks memory).
  • DOM:
    • Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID).
  • FFI:
    • Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not defined).
  • Filter:
    • Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).
  • FPM:
    • Fixed bug #81513 (Future possibility for heap overflow in FPM zlog).
    • Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege escalation) (CVE-2021-21703).
    • Added openmetrics status format.
    • Enable process renaming on macOS.
    • Added pm.max_spawn_rate option to configure max spawn child processes rate.
    • Fixed bug #65800 (Events port mechanism).
  • FTP:
    • Convert resource<ftp> to object \FTP\Connection.
  • GD:
    • Fixed bug #71316 (libpng warning from imagecreatefromstring).
    • Convert resource<gd font> to object \GdFont.
    • Added support for Avif images
  • hash:
    • Implemented FR #68109 (Add MurmurHash V3).
    • Implemented FR #73385 (Add xxHash support).
  • JSON:
    • Fixed bug #81532 (Change of $depth behaviour in json_encode() on PHP 8.1).
  • LDAP:
    • Convert resource<ldap link> to object \LDAP\Connection.
    • Convert resource<ldap result> to object \LDAP\Result.
    • Convert resource<ldap result entry> to object \LDAP\ResultEntry.
  • MBString:
    • Fixed bug #76167 (mbstring may use pointer from some previous request).
    • Fixed bug #81390 (mb_detect_encoding() regression).
    • Fixed bug #81349 (mb_detect_encoding misdetcts ASCII in some cases).
    • Fixed bug #81298 (mb_detect_encoding() segfaults when 7bit encoding is specified).
  • MySQLi:
    • Fixed bug #70372 (Emulate mysqli_fetch_all() for libmysqlclient).
    • Fixed bug #80330 (Replace language in APIs and source code/docs).
    • Fixed bug #80329 (Add option to specify LOAD DATA LOCAL white list folder (including libmysql)).
  • MySQLnd:
    • Fixed bug #63327 (Crash (Bus Error) in mysqlnd due to wrong alignment).
    • Fixed bug #80761 (PDO uses too much memory).
  • Opcache:
    • Fixed bug #81409 (Incorrect JIT code for ADD with a reference to array).
    • Fixed bug #81255 (Memory leak in PHPUnit with functional JIT).
    • Fixed bug #80959 (infinite loop in building cfg during JIT compilation).
    • Fixed bug #81225 (Wrong result with pow operator with JIT enabled).
    • Fixed bug #81249 (Intermittent property assignment failure with JIT enabled).
    • Fixed bug #81256 (Assertion `zv != ((void *)0)' failed for "preload" with JIT).
    • Fixed bug #81133 (building opcache with phpize fails).
    • Fixed bug #81136 (opcache header not installed).
    • Added inheritance cache.
  • OpenSSL:
    • Fixed bug #81502 ($tag argument of openssl_decrypt() should accept null/empty string).
    • Bump minimal OpenSSL version to 1.0.2.
  • PCRE:
    • Fixed bug #81424 (PCRE2 10.35 JIT performance regression).
    • Bundled PCRE2 is 10.37.
  • PDO:
    • Fixed bug #40913 (PDO_MYSQL: PDO::PARAM_LOB does not bind to a stream for fetching a BLOB).
  • PDO MySQL:
    • Fixed bug #80908 (PDO::lastInsertId() return wrong).
    • Fixed bug #81037 (PDO discards error message text from prepared statement).
  • PDO OCI:
    • Fixed bug #77120 (Support 'success with info' at connection).
  • PDO ODBC:
    • Implement PDO_ATTR_SERVER_VERSION and PDO_ATTR_SERVER_INFO for PDO::getAttribute().
  • PDO PgSQL:
    • Fixed bug #81343 (pdo_pgsql: Inconsitent boolean conversion after calling closeCursor()).
  • PDO SQLite:
    • Fixed bug #38334 (Proper data-type support for PDO_SQLITE).
  • PgSQL:
    • Fixed bug #81509 (pg_end_copy still expects a resource).
    • Convert resource<pgsql link> to object \PgSql\Connection.
    • Convert resource<pgsql result> to object \PgSql\Result.
    • Convert resource<pgsql large object> to object \PgSql\Lob.
  • Phar:
    • Use SHA256 by default for signature.
    • Add support for OpenSSL_SHA256 and OpenSSL_SHA512 signature.
  • phpdbg:
    • Fixed bug #81135 (unknown help topic causes assertion failure).
  • PSpell:
    • Convert resource<pspell> to object \PSpell\Dictionary.
    • Convert resource<pspell config> to object \PSpell\Config.
  • readline:
    • Fixed bug #72998 (invalid read in readline completion).
  • Reflection:
    • Fixed bug #81611 (ArgumentCountError when getting default value from ReflectionParameter with new).
    • Fixed bug #81630 (PHP 8.1: ReflectionClass->getTraitAliases() crashes with Internal error).
    • Fixed bug #81457 (Enum: ReflectionMethod->getDeclaringClass() return a ReflectionClass).
    • Fixed bug #81474 (Make ReflectionEnum and related class non-final).
    • Fixed bug #80821 (ReflectionProperty::getDefaultValue() returns current value for statics).
    • Fixed bug #80564 (ReflectionProperty::__toString() renders current value, not default value).
    • Fixed bug #80097 (ReflectionAttribute is not a Reflector).
    • Fixed bug #81200 (no way to determine if Closure is static).
    • Implement ReflectionFunctionAbstract::getClosureUsedVariables.
  • Shmop:
    • Fixed bug #81407 (shmop_open won't attach and causes php to crash).
  • SimpleXML:
    • Fixed bug #81325 (Segfault in zif_simplexml_import_dom).
  • SNMP:
    • Implement SHA256 and SHA512 for security protocol.
  • Sodium:
    • Added the XChaCha20 stream cipher functions.
    • Added the Ristretto255 functions, which are available in libsodium 1.0.18.
  • SPL:
    • Fixed bug #66588 (SplFileObject::fgetcsv incorrectly returns a row on premature EOF).
    • Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free).
    • Fixed bug #81477 (LimitIterator + SplFileObject regression in 8.0.1).
    • Fixed bug #81112 (Special json_encode behavior for SplFixedArray).
    • Fixed bug #80945 ("Notice: Undefined index" on unset() ArrayObject non-existing key).
    • Fixed bug #80724 (FilesystemIterator::FOLLOW_SYMLINKS remove KEY_AS_FILE from bitmask).
  • Standard:
    • Fixed bug #81441 (gethostbyaddr('::1') returns ip instead of name after calling some other method).
    • Fixed bug #81491 (Incorrectly using libsodium for argon2 hashing).
    • Fixed bug #81142 (PHP 7.3+ memory leak when unserialize() is used on an associative array).
    • Fixed bug #81111 (Serialization is unexpectedly allowed on anonymous classes with __serialize()).
    • Fixed bug #81137 (hrtime breaks build on OSX before Sierra).
    • Fixed bug #77627 (method_exists on Closure::__invoke inconsistency).
  • Streams:
    • Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper).
  • XML:
    • Fixed bug #79971 (special character is breaking the path in xml function) (CVE-2021-21707).
    • Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace).
  • Zip:
    • Fixed bug #81490 (ZipArchive::extractTo() may leak memory).
    • Fixed bug #77978 (Dirname ending in colon unzips to wrong dir).
    • Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination) (CVE-2021-21706).
    • Fixed bug #80833 (ZipArchive::getStream doesn't use setPassword).

Version 8.0.28

  • Core:
    • Fixed bug #81744 (Password_verify() always return true with some hash).
    • Fixed bug #81746 (1-byte array overrun in common path resolve code).
  • SAPI:
    • Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart request body). (CVE-2023-0662)

Version 8.0.27

  • PDO/SQLite:
    • Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)

Version 8.0.26

  • CLI:
    • Fixed bug GH-9709 (Null pointer dereference with -w/-s options).
  • Core:
    • Fixed bug GH-9752 (Generator crashes when interrupted during argument evaluation with extra named params).
    • Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during initialization).
    • Fixed potential NULL pointer dereference in Windows shm*() functions.
    • Fixed bug GH-9750 (Generator memory leak when interrupted during argument evaluation.
  • Date:
    • Fixed bug GH-9763 (DateTimeZone ctr mishandles input and adds null byte if the argument is an offset larger than 100*60 minutes).
  • FPM:
    • Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running php-fpm 8.1.11).
  • mysqli:
    • Fixed bug GH-9841 (mysqli_query throws warning despite using silenced error mode).
  • OpenSSL:
    • Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does not build).
  • SOAP:
    • Fixed GH-9720 (Null pointer dereference while serializing the response).

Version 8.0.25

  • GD:
    • Fixed bug #81739: OOB read due to insufficient input validation in imageloadfont(). (CVE-2022-31630)
  • Hash:
    • Fixed bug #81738: buffer overflow in hash_update() on long parameter. (CVE-2022-37454)
  • Session:
    • Fixed bug GH-9583 (session_create_id() fails with user defined save handler that doesn't have a validateId() method).
  • Streams:
    • Fixed bug GH-9590 (stream_select does not abort upon exception or empty valid fd set).

Version 8.0.24

  • Core:
    • Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function) (Tim Starling)
    • Fixed bug GH-9361 (Segmentation fault on script exit #9379).
    • Fixed bug GH-9407 (LSP error in eval'd code refers to wrong class for static type).
    • Fixed bug #81727: Don't mangle HTTP variable names that clash with ones that have a specific semantic meaning. (CVE-2022-31629)
  • DOM:
    • Fixed bug #79451 (DOMDocument->replaceChild on doctype causes double free).
  • FPM:
    • Fixed bug GH-8885 (FPM access.log with stderr begins to write logs to error_log after daemon reload).
    • Fixed bug #77780 ("Headers already sent..." when previous connection was aborted).
  • GMP:
    • Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed to gmp_init()).
  • Intl:
    • Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter).
  • Phar:
    • Fixed bug #81726: phar wrapper: DOS when using quine gzip file. (CVE-2022-31628)
  • PDO_PGSQL:
    • Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed).
  • Reflection:
    • Fixed bug GH-8932 (ReflectionFunction provides no way to get the called class of a Closure).
    • Fixed bug GH-9409 (Private method is incorrectly dumped as "overwrites").
  • Streams:
    • Fixed bug GH-9316 ($http_response_header is wrong for long status line).

Version 8.0.23

  • Core:
    • Fixed incorrect double to long casting in latest clang.
  • DBA:
    • Fixed LMDB driver memory leak on DB creation failure.
    • Fixed bug GH-9155 (dba_open("non-existing", "c-", "flatfile") segfaults).
  • Intl:
    • Fixed IntlDateFormatter::formatObject() parameter type.
  • OPcache:
    • Fixed bug GH-9033 (Loading blacklist file can fail due to negative length).
  • PDO_SQLite:
    • Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values).
  • SQLite3:
    • Fixed bug GH-9032 (SQLite3 authorizer crashes on NULL values).
  • Standard:
    • Fixed bug GH-9017 (php_stream_sock_open_from_socket could return NULL).
  • Streams:
    • Fixed bug GH-8472 (The resource returned by stream_socket_accept may have incorrect metadata).
    • Fixed bug GH-8409 (SSL handshake timeout leaves persistent connections hanging).

Version 8.0.22

  • CLI:
    • Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable.
  • Core:
    • Fixed bug GH-8923 (error_log on Windows can hold the file write lock).
    • Fixed bug GH-8995 (WeakMap object reference offset causing TypeError).
  • Date:
    • Fixed bug #80047 (DatePeriod doesn't warn with custom DateTimeImmutable).
  • DBA:
    • Fixed LMDB driver hanging when attempting to delete a non-existing key.
  • FPM:
    • Fixed zlog message prepend, free on incorrect address.
    • Fixed possible double free on configuration loading failure.
  • GD:
    • Fixed bug GH-8848 (imagecopyresized() error refers to the wrong argument).
  • Intl:
    • Fixed build for ICU 69.x and onwards.
  • OPcache:
    • Fixed bug GH-8847 (PHP hanging infinitly at 100% cpu when check php syntaxe of a valid file).
  • Standard:
    • Fixed the crypt_sha256/512 api build with clang > 12.
    • Uses CCRandomGenerateBytes instead of arc4random_buf on macOs.

Version 8.0.21

  • Core:
    • Fixed potential use after free in php_binary_init().
  • CLI:
    • Fixed GH-8827 (Intentionally closing std handles no longer possible).
  • COM:
    • Fixed bug GH-8778 (Integer arithmethic with large number variants fails).
  • Curl:
    • Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.
  • Date:
    • Fixed bug #74671 (DST timezone abbreviation has incorrect offset).
    • Fixed bug #77243 (Weekdays are calculated incorrectly for negative years).
    • Fixed bug #78139 (timezone_open accepts invalid timezone string argument).
  • FPM:
    • Fixed bug #67764 (fpm: syslog.ident don't work).
  • MBString:
    • Fixed bug GH-8685 (pcre not ready at mbstring startup).
  • ODBC:
    • Fixed handling of single-key connection strings.
  • OpenSSL:
    • Fixed bug #50293 (Several openssl functions ignore the VCWD).
    • Fixed bug #81713 (NULL byte injection in several OpenSSL functions working with certificates).
  • PDO_ODBC:
    • Fixed errorInfo() result on successful PDOStatement->execute().
    • Fixed handling of single-key connection strings.
  • Zip:
    • Fixed bug GH-8781 (ZipArchive::close deletes zip file without updating stat cache).

Version 8.0.20

  • CLI:
    • Fixed bug GH-8575 (CLI closes standard streams too early).
  • Core:
    • Fixed Haiku ZTS builds.
  • Date:
    • Fixed bug GH-8471 (Segmentation fault when converting immutable and mutable DateTime instances created using reflection).
  • FPM:
    • Fixed ACL build check on MacOS.
    • Fixed bug #72185: php-fpm writes empty fcgi record causing nginx 502.
  • Mysqlnd:
    • Fixed bug #81719: mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
  • OPcache:
    • Fixed bug GH-8466 (ini_get() is optimized out when the option does not exist).
  • Pcntl:
    • Fixed Haiku build.
  • Pgsql:
    • Fixed bug #81720: Uninitialized array in pg_query_params(). (CVE-2022-31625)
  • Soap:
    • Fixed bug GH-8578 (Error on wrong parameter on SoapHeader constructor).
    • Fixed bug GH-8538 (SoapClient may strip parts of nmtokens).
  • SPL:
    • Fixed bug GH-8235 (iterator_count() may run indefinitely).
  • Zip:
    • Fixed type for index in ZipArchive::replaceFile.

Version 8.0.19

  • Core:
    • Fixed bug GH-8289 (Exceptions thrown within a yielded from iterator are not rethrown into the generator).
  • Date:
    • Fixed bug GH-7979 (DatePeriod iterator advances when checking if valid).
  • FFI:
    • Fixed bug GH-8433 (Assigning function pointers to structs in FFI leaks).
  • FPM:
    • Fixed bug #76003 (FPM /status reports wrong number of active processe).
    • Fixed bug #77023 (FPM cannot shutdown processes).
    • Fixed comment in kqueue remove callback log message.
  • Iconv:
    • Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).
  • Intl:
    • Fixed bug GH-8364 (msgfmt_format $values may not support references).
  • MySQLi:
    • Fixed bug GH-8267 (MySQLi uses unsupported format specifier on Windows).
  • SPL:
    • Fixed bug GH-8366 (ArrayIterator may leak when calling __construct()).
    • Fixed bug GH-8273 (SplFileObject: key() returns wrong value).
  • Streams:
    • Fixed php://temp does not preserve file-position when switched to temporary file.
  • zlib:
    • Fixed bug GH-8218 (ob_end_clean does not reset Content-Encoding header).

Version 8.0.18

  • Core:
    • Fixed freeing of internal attribute arguments.
    • Fixed bug GH-8070 (memory leak of internal function attribute hash).
    • Fixed bug GH-8160 (ZTS support on Alpine is broken).
  • Filter:
    • Fixed signedness confusion in php_filter_validate_domain().
  • Intl:
    • Fixed bug GH-8142 (Compilation error on cygwin).
  • MBString:
    • Fixed bug GH-8208 (mb_encode_mimeheader: $indent functionality broken).
  • MySQLi:
    • Fixed bug GH-8068 (mysqli_fetch_object creates inaccessible properties).
  • Pcntl:
    • Fixed bug GH-8142 (Compilation error on cygwin).
  • PgSQL:
    • Fixed result_type related stack corruption on LLP64 architectures.
    • Fixed bug GH-8253 (pg_insert() fails for references).
  • Sockets:
    • Fixed Solaris builds.
  • SPL:
    • Fixed bug GH-8121 (SplFileObject - seek and key with csv file inconsistent).
  • Standard:
    • Fixed bug GH-8048 (Force macOS to use statfs).

Version 8.0.17

  • Core:
    • Fixed Haiku ZTS build.
  • GD:
    • Fixed libpng warning when loading interlaced images.
  • FPM:
    • Fixed bug #76109 (Unsafe access to fpm scoreboard).
  • Iconv:
    • Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding).
    • Fixed bug GH-7980 (Unexpected result for iconv_mime_decode).
  • MySQLnd:
    • Fixed bug GH-8058 (NULL pointer dereference in mysqlnd package).
  • OPcache:
    • Fixed bug GH-8074 (Wrong type inference of range() result).
  • Reflection:
    • Fixed bug GH-8080 (ReflectionClass::getConstants() depends on def. order).
  • Zlib:
    • Fixed bug GH-7953 (ob_clean() only does not set Content-Encoding).

Version 8.0.16

  • Core:
    • Fixed bug #81430 (Attribute instantiation leaves dangling pointer).
    • Fixed bug GH-7896 (Environment vars may be mangled on Windows).
  • FFI:
    • Fixed bug GH-7867 (FFI::cast() from pointer to array is broken).
  • Filter:
    • Fix #81708: UAF due to php_filter_float() failing for ints.
  • FPM:
    • Fixed memory leak on invalid port.
  • MBString:
    • Fixed bug GH-7902 (mb_send_mail may delimit headers with LF only).
  • MySQLnd:
    • Fixed bug GH-7972 (MariaDB version prefix 5.5.5- is not stripped).
  • Sockets:
    • Fixed ext/sockets build on Haiku.
    • Fixed bug GH-7978 (sockets extension compilation errors).
  • Standard:
    • Fixed bug GH-7875 (mails are sent even if failure to log throws exception).

Version 8.0.15

  • Core:
    • Fixed bug #81656 (GCC-11 silently ignores -R).
    • Fixed bug #81585 (cached_chunks are not counted to real_size on shutdown).
  • Filter:
    • Fixed FILTER_FLAG_NO_RES_RANGE flag.
  • Hash:
    • Fixed bug GH-7759 (Incorrect return types for hash() and hash_hmac()).
    • Fixed bug GH-7826 (Inconsistent argument name in hash_hmac_file and hash_file).
  • MySQLnd:
    • Fixed bug where large bigints may be truncated.
  • OCI8:
    • Fixed bug GH-7765 (php_oci_cleanup_global_handles segfaults at second call).
  • OPcache:
    • Fixed bug #81679 (Tracing JIT crashes on reattaching).
  • PDO_PGSQL:
    • Fixed error message allocation of PDO PgSQL.
  • Sockets:
    • Avoid void* arithmetic in sockets/multicast.c on NetBSD.
  • Spl:
    • Fixed bug #75917 (SplFileObject::seek broken with CSV flags).

Version 8.0.14

  • Core:
    • Fixed bug #81582 (Stringable not implicitly declared if __toString() came from a trait).
    • Fixed bug #81591 (Fatal Error not properly logged in particular cases).
    • Fixed bug #81626 (Error on use static:: in __сallStatic() wrapped to Closure::fromCallable()).
    • Fixed bug #81631 (::class with dynamic class name may yield wrong line number).
  • FPM:
    • Fixed bug #81513 (Future possibility for heap overflow in FPM zlog).
  • GD:
    • Fixed bug #71316 (libpng warning from imagecreatefromstring).
  • IMAP:
    • Fixed bug #81649 (imap_(un)delete accept sequences, not single numbers).
  • OpenSSL:
    • Fixed bug #75725 (./configure: detecting RAND_egd).
  • PCRE:
    • Fixed bug #74604 (Out of bounds in php_pcre_replace_impl).
  • SPL:
    • Fixed bug #81587 (MultipleIterator Segmentation fault w/ SimpleXMLElement attached).
  • Standard:
    • Fixed bug #81618 (dns_get_record fails on FreeBSD for missing type).
    • Fixed bug #81659 (stream_get_contents() may unnecessarily overallocate).

Version 8.0.13

  • Core:
    • Fixed bug #81518 (Header injection via default_mimetype / default_charset).
  • Date:
    • Fixed bug #81500 (Interval serialization regression since 7.3.14 / 7.4.2).
  • DBA:
    • Fixed bug #81588 (TokyoCabinet driver leaks memory).
  • MBString:
    • Fixed bug #76167 (mbstring may use pointer from some previous request).
  • Opcache:
    • Fixed bug #81512 (Unexpected behavior with arrays and JIT).
  • PCRE:
    • Fixed bug #81424 (PCRE2 10.35 JIT performance regression).
  • XML:
    • Fixed bug #79971 (special character is breaking the path in xml function). (CVE-2021-21707)
  • XMLReader:
    • Fixed bug #81521 (XMLReader::getParserProperty may throw with a valid property).

Version 8.0.12

  • CLI:
    • Fixed bug #81496 (Server logs incorrect request method).
  • Core:
    • Fixed bug #81435 (Observer current_observed_frame may point to an old (overwritten) frame).
    • Fixed bug #81380 (Observer may not be initialized properly).
  • DOM:
    • Fixed bug #81433 (DOMElement::setIdAttribute() called twice may remove ID).
  • FFI:
    • Fixed bug #79576 ("TYPE *" shows unhelpful message when type is not defined).
  • FPM:
    • Fixed bug #81026 (PHP-FPM oob R/W in root process leading to privilege escalation) (CVE-2021-21703).
  • Fileinfo:
    • Fixed bug #78987 (High memory usage during encoding detection).
  • Filter:
    • Fixed bug #61700 (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).
  • Opcache:
    • Fixed bug #81472 (Cannot support large linux major/minor device number when read /proc/self/maps).
  • Reflection:
    • ReflectionAttribute is no longer final.
  • SPL:
    • Fixed bug #80663 (Recursive SplFixedArray::setSize() may cause double-free).
    • Fixed bug #81477 (LimitIterator + SplFileObject regression in 8.0.1).
  • Standard:
    • Fixed bug #69751 (Change Error message of sprintf/printf for missing/typo position specifier).
  • Streams:
    • Fixed bug #81475 (stream_isatty emits warning with attached stream wrapper).
  • XML:
    • Fixed bug #70962 (XML_OPTION_SKIP_WHITE strips embedded whitespace).
  • Zip:
    • Fixed bug #81490 (ZipArchive::extractTo() may leak memory).
    • Fixed bug #77978 (Dirname ending in colon unzips to wrong dir).

Version 8.0.11

  • Core:
    • Fixed bug #81302 (Stream position after stream filter removed).
    • Fixed bug #81346 (Non-seekable streams don't update position after write).
    • Fixed bug #73122 (Integer Overflow when concatenating strings).
  • GD:
    • Fixed bug #53580 (During resize gdImageCopyResampled cause colors change).
  • Opcache:
    • Fixed bug #81353 (segfault with preloading and statically bound closure).
  • Shmop:
    • Fixed bug #81407 (shmop_open won't attach and causes php to crash).
  • Standard:
    • Fixed bug #71542 (disk_total_space does not work with relative paths).
    • Fixed bug #81400 (Unterminated string in dns_get_record() results).
  • SysVMsg:
    • Fixed bug #78819 (Heap Overflow in msg_send).
  • XML:
    • Fixed bug #81351 (xml_parse may fail, but has no error code).
  • Zip:
    • Fixed bug #80833 (ZipArchive::getStream doesn't use setPassword).
    • Fixed bug #81420 (ZipArchive::extractTo extracts outside of destination).

Version 8.0.10

  • Core:
    • Fixed bug #72595 (php_output_handler_append illegal write access).
    • Fixed bug #66719 (Weird behaviour when using get_called_class() with call_user_func()).
    • Fixed bug #81305 (Built-in Webserver Drops Requests With "Upgrade" Header).
  • BCMath:
    • Fixed bug #78238 (BCMath returns "-0").
  • CGI:
    • Fixed bug #80849 (HTTP Status header truncation).
  • Date:
    • Fixed bug #64975 (Error parsing when AM/PM not at the end).
    • Fixed bug #78984 (DateTimeZone accepting invalid UTC timezones).
    • Fixed bug #79580 (date_create_from_format misses leap year).
    • Fixed bug #80409 (DateTime::modify() loses time with 'weekday' parameter).
  • GD:
    • Fixed bug #51498 (imagefilledellipse does not work for large circles).
  • MySQLi:
    • Fixed bug #74544 (Integer overflow in mysqli_real_escape_string()).
  • Opcache:
    • Fixed bug #81225 (Wrong result with pow operator with JIT enabled).
    • Fixed bug #81249 (Intermittent property assignment failure with JIT enabled).
    • Fixed bug #81206 (Multiple PHP processes crash with JIT enabled).
    • Fixed bug #81272 (Segfault in var[] after array_slice with JIT).
    • Fixed bug #81255 (Memory leak in PHPUnit with functional JIT).
    • Fixed bug #80959 (Infinite loop in building cfg during JIT compilation) (Nikita, Dmitry)
    • Fixed bug #81226 (Integer overflow behavior is different with JIT enabled).
  • OpenSSL:
    • Fixed bug #81327 (Error build openssl extension on php 7.4.22).
  • PDO_ODBC:
    • Fixed bug #81252 (PDO_ODBC doesn't account for SQL_NO_TOTAL).
  • Phar:
    • Fixed bug #81211: Symlinks are followed when creating PHAR archive
  • Shmop:
    • Fixed bug #81283 (shmop can't read beyond 2147483647 bytes).
  • SimpleXML:
    • Fixed bug #81325 (Segfault in zif_simplexml_import_dom).
  • Standard:
    • Fixed bug #72146 (Integer overflow on substr_replace).
    • Fixed bug #81265 (getimagesize returns 0 for 256px ICO images).
    • Fixed bug #74960 (Heap buffer overflow via str_repeat).
  • Streams:
    • Fixed bug #81294 (Segfault when removing a filter).

Version 8.0.9

  • Core:
    • Fixed bug #81145 (copy() and stream_copy_to_stream() fail for +4GB files).
    • Fixed bug #81163 (incorrect handling of indirect vars in __sleep).
    • Fixed bug #81159 (Object to int warning when using an object as a string offset).
    • Fixed bug #80728 (PHP built-in web server resets timeout when it can kill the process).
    • Fixed bug #73630 (Built-in Webserver - overwrite $_SERVER['request_uri']).
    • Fixed bug #80173 (Using return value of zend_assign_to_variable() is not safe).
    • Fixed bug #73226 (--r[fcez] always return zero exit code).
  • Intl:
    • Fixed bug #72809 (Locale::lookup() wrong result with canonicalize option).
    • Fixed bug #68471 (IntlDateFormatter fails for "GMT+00:00" timezone).
    • Fixed bug #74264 (grapheme_strrpos() broken for negative offsets).
  • OpenSSL:
    • Fixed bug #52093 (openssl_csr_sign truncates $serial).
  • PCRE:
    • Fixed bug #81101 (PCRE2 10.37 shows unexpected result).
    • Fixed bug #81243 (Too much memory is allocated for preg_replace()).
  • Reflection:
    • Fixed bug #81208 (Segmentation fault while create newInstance from attribute).
  • Standard:
    • Fixed bug #81223 (flock() only locks first byte of file).

Version 8.0.8

  • Core:
    • Fixed bug #81076 (incorrect debug info on Closures with implicit binds).
    • Fixed bug #81068 (Double free in realpath_cache_clean()).
    • Fixed bug #76359 (open_basedir bypass through adding "..").
    • Fixed bug #81090 (Typed property performance degradation with .= operator).
    • Fixed bug #81070 (Integer underflow in memory limit comparison).
    • Fixed bug #81122 (SSRF bypass in FILTER_VALIDATE_URL). (CVE-2021-21705)
  • Bzip2:
    • Fixed bug #81092 (fflush before stream_filter_remove corrupts stream).
  • Fileinfo:
    • Fixed bug #80197 (implicit declaration of function 'magic_stream' is invalid).
  • GMP:
    • Fixed bug #81119 (GMP operators throw errors with wrong parameter names).
  • OCI8:
    • Fixed bug #81088 (error in regression test for oci_fetch_object() and oci_fetch_array()).
  • Opcache:
    • Fixed bug #81051 (Broken property type handling after incrementing reference).
    • Fixed bug #80968 (JIT segfault with return from required file).
  • OpenSSL:
    • Fixed bug #76694 (native Windows cert verification uses CN as server name).
  • MySQLnd:
    • Fixed bug #80761 (PDO uses too much memory).
  • PDO_Firebird:
    • Fixed bug #76448 (Stack buffer overflow in firebird_info_cb). (CVE-2021-21704)
    • Fixed bug #76449 (SIGSEGV in firebird_handle_doer). (CVE-2021-21704)
    • Fixed bug #76450 (SIGSEGV in firebird_stmt_execute). (CVE-2021-21704)
    • Fixed bug #76452 (Crash while parsing blob data in firebird_fetch_blob). (CVE-2021-21704)
  • readline:
    • Fixed bug #72998 (invalid read in readline completion).
  • Standard:
    • Fixed bug #81048 (phpinfo(INFO_VARIABLES) "Array to string conversion").
    • Fixed bug #77627 (method_exists on Closure::__invoke inconsistency).
  • Windows:
    • Fixed bug #81120 (PGO data for main PHP DLL are not used).

Version 8.0.7

  • Core:
    • Fixed bug #80960 (opendir() warning wrong info when failed on Windows).
    • Fixed bug #67792 (HTTP Authorization schemes are treated as case-sensitive).
    • Fixed bug #80972 (Memory exhaustion on invalid string offset).
  • FPM:
    • Fixed bug #65800 (Events port mechanism).
  • FTP:
    • Fixed bug #80901 (Info leak in ftp extension).
    • Fixed bug #79100 (Wrong FTP error messages).
  • GD:
    • Fixed bug #81032 (GD install is affected by external libgd installation).
  • Intl:
    • Fixed bug #81019 (Unable to clone NumberFormatter after failed parse()).
  • MBString:
    • Fixed bug #81011 (mb_convert_encoding removes references from arrays).
  • ODBC:
    • Fixed bug #80460 (ODBC doesn't account for SQL_NO_TOTAL indicator).
  • Opcache:
    • Fixed bug #81007 (JIT "not supported" on 32-bit x86 -- build problem?).
    • Fixed bug #81015 (Opcache optimization assumes wrong part of ternary operator in if-condition).
    • Fixed bug #81046 (Literal compaction merges non-equal related literals).
  • PDO_MySQL:
    • Fixed bug #81037 (PDO discards error message text from prepared statement).
  • PDO_ODBC:
    • Fixed bug #44643 (bound parameters ignore explicit type definitions).
  • pgsql:
    • Fixed php_pgsql_fd_cast() wrt. php_stream_can_cast().
  • SPL:
    • Fixed bug #80933 (SplFileObject::DROP_NEW_LINE is broken for NUL and CR).
  • XMLReader:
    • Fixed bug #73246 (XMLReader: encoding length not checked).
  • Zip:
    • Fixed bug #80863 (ZipArchive::extractTo() ignores references).

Version 8.0.6

  • PDO_pgsql:
    • Revert "Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR)"

Version 8.0.5

  • Core:
    • Fixed bug #75776 (Flushing streams with compression filter is broken).
    • Fixed bug #80811 (Function exec without $output but with $restult_code parameter crashes).
    • Fixed bug #80814 (threaded mod_php won't load on FreeBSD: No space available for static Thread Local Storage).
    • Changed PowerPC CPU registers used by Zend VM to work around GCC bug. Old registers (r28/r29) might be clobbered by _restgpr routine used for return from C function compiled with -Os.
  • Dba:
    • Fixed bug #80817 (dba_popen() may cause segfault during RSHUTDOWN).
  • DOM:
    • Fixed bug #66783 (UAF when appending DOMDocument to element).
  • FFI:
    • Fixed bug #80847 (CData structs with fields of type struct can't be passed as C function argument).
  • FPM:
    • Fixed bug #80024 (Duplication of info about inherited socket after pool removing).
  • FTP:
    • Fixed bug #80880 (SSL_read on shutdown, ftp/proc_open).
  • IMAP:
    • Fixed bug #80800 (imap_open() fails when the flags parameter includes CL_EXPUNGE).
    • Fixed bug #80710 (imap_mail_compose() header injection).
  • Intl:
    • Fixed bug #80763 (msgfmt_format() does not accept DateTime references).
  • LibXML:
    • Fixed bug #73533 (Invalid memory access in php_libxml_xmlCheckUTF8).
    • Fixed bug #51903 (simplexml_load_file() doesn't use HTTP headers).
  • MySQLnd:
    • Fixed bug #80837 (Calling stmt_store_result after fetch doesn't throw an error).
  • Opcache:
    • Fixed bug #80839 (PHP problem with JIT).
    • Fixed bug #80861 (erronous array key overflow in 2D array with JIT).
    • Fixed bug #80786 (PHP crash using JIT).
    • Fixed bug #80782 (DASM_S_RANGE_VREG on PHP_INT_MIN-1).
  • Pcntl:
    • Fixed bug #79812 (Potential integer overflow in pcntl_exec()).
  • PCRE:
    • Fixed bug #80866 (preg_split ignores limit flag when pattern with \K has 0-width fullstring match).
  • PDO_ODBC:
    • Fixed bug #80783 (PDO ODBC truncates BLOB records at every 256th byte).
  • PDO_pgsql:
    • Fixed bug #80892 (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).
  • Session:
    • Fixed bug #80889 (Cannot set save handler when save_handler is invalid).
    • Fixed bug #80774 (session_name() problem with backslash).
  • SOAP:
    • Fixed bug #69668 (SOAP special XML characters in namespace URIs not encoded).
  • Standard:
    • Fixed bug #80915 (Taking a reference to $_SERVER hides its values from phpinfo()).
    • Fixed bug #80914 ('getdir' accidentally defined as an alias of 'dir').
    • Fixed bug #80771 (phpinfo(INFO_CREDITS) displays nothing in CLI).
    • Fixed bug #78719 (http wrapper silently ignores long Location headers).
    • Fixed bug #80838 (HTTP wrapper waits for HTTP 1 response after HTTP 101).
  • Zip:
    • Fixed bug #80825 (ZipArchive::isCompressionMethodSupported does not exist).

Version 8.0.3

  • Core:
    • Fixed bug #80706 (mail(): Headers after Bcc headers may be ignored).
  • DOM:
    • Fixed bug #80600 (DOMChildNode::remove() doesn't work on CharacterData nodes).
  • Gettext:
    • Fixed bug #53251 (bindtextdomain with null dir doesn't return old value).
  • MySQLnd:
    • Fixed bug #78680 (mysqlnd's mysql_clear_password does not transmit null-terminated password).
    • Fixed bug #80713 (SegFault when disabling ATTR_EMULATE_PREPARES and MySQL 8.0).
  • MySQLi:
    • Fixed bug #74779 (x() and y() truncating floats to integers).
  • Opcache:
    • Fixed bug #80634 (write_property handler of internal classes is skipped on preloaded JITted code).
    • Fixed bug #80682 (opcache doesn't honour pcre.jit option).
    • Fixed bug #80742 (Opcache JIT makes some boolean logic unexpectedly be true).
    • Fixed bug #80745 (JIT produces Assert failure and UNKNOWN:0 var_dumps in code involving bitshifts).
  • OpenSSL:
    • Fixed bug #80747 (Providing RSA key size < 512 generates key that crash PHP).
  • Phar:
    • Fixed bug #75850 (Unclear error message wrt. __halt_compiler() w/o semicolon)
    • Fixed bug #70091 (Phar does not mark UTF-8 filenames in ZIP archives).
    • Fixed bug #53467 (Phar cannot compress large archives).
  • Socket:
    • Fixed bug #80723 (Different sockets compare as equal (regression in 8.0)).
  • SPL:
    • Fixed bug #80719 (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault).
  • Standard:
    • Fixed bug #80654 (file_get_contents() maxlen fails above (2**31)-1 bytes).
    • Fixed bug #80718 (ext/standard/dl.c fallback code path with syntax error).

Version 8.0.2

  • Core:
    • Fixed bug #80523 (bogus parse error on >4GB source code).
    • Fixed bug #80384 (filter buffers entire read until file closed).
    • Fixed bug #80596 (Invalid union type TypeError in anonymous classes).
    • Fixed bug #80617 (GCC throws warning about type narrowing in ZEND_TYPE_INIT_CODE).
  • BCMath:
    • Fixed bug #80545 (bcadd('a', 'a') doesn't throw an exception).
  • Curl:
    • Fixed bug #80595 (Resetting POSTFIELDS to empty array breaks request).
  • Date:
    • Fixed bug #80376 (last day of the month causes runway cpu usage).
  • DOM:
    • Fixed bug #80537 (Wrong parameter type in DOMElement::removeAttributeNode stub).
  • Filter:
    • Fixed bug #80584 (0x and 0X are considered valid hex numbers by filter_var()).
  • GMP:
    • Fixed bug #80560 (Strings containing only a base prefix return 0 object).
  • Intl:
    • Fixed bug #80644 (Missing resource causes subsequent get() calls to fail).
  • MySQLi:
    • Fixed bug #67983 (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to interpret bit columns).
    • Fixed bug #64638 (Fetching resultsets from stored procedure with cursor fails).
    • Fixed bug #72862 (segfault using prepared statements on stored procedures that use a cursor).
    • Fixed bug #77935 (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP with a cursor).
  • ODBC:
    • Fixed bug #80592 (all floats are the same in ODBC parameters).
  • Opcache:
    • Fixed bug #80422 (php_opcache.dll crashes when using Apache 2.4 with JIT).
  • PDO_Firebird:
    • Fixed bug #80521 (Parameters with underscores no longer recognized).
  • Phar:
    • Fixed bug #76929 (zip-based phar does not respect phar.require_hash).
    • Fixed bug #77565 (Incorrect locator detection in ZIP-based phars).
    • Fixed bug #69279 (Compressed ZIP Phar extractTo() creates garbage files).
  • Phpdbg:
    • Reverted fix for bug #76813 (Access violation near NULL on source operand).
  • SOAP:
    • Fixed bug #80672 (Null Dereference in SoapClient). (CVE-2021-21702)

Version 8.0.1

  • Core:
    • Fixed bug #80345 (PHPIZE configuration has outdated PHP_RELEASE_VERSION).
    • Fixed bug #72964 (White space not unfolded for CC/Bcc headers).
    • Fixed bug #80391 (Iterable not covariant to mixed).
    • Fixed bug #80393 (Build of PHP extension fails due to configuration gap with libtool).
    • Fixed bug #77069 (stream filter loses final block of data).
  • Fileinfo:
    • Fixed bug #77961 (finfo_open crafted magic parsing SIGABRT).
  • FPM:
    • Fixed bug #69625 (FPM returns 200 status on request without SCRIPT_FILENAME env).
  • IMAP:
    • Fixed bug #80438 (imap_msgno() incorrectly warns and return false on valid UIDs in PHP 8).
    • Fix a regression with valid UIDs in imap_savebody().
    • Make warnings for invalid message numbers/UIDs between functions consistent.
  • Intl:
    • Fixed bug #80425 (MessageFormatAdapter::getArgTypeList redefined).
  • Opcache:
    • Fixed bug #80404 (Incorrect range inference result when division results in float).
    • Fixed bug #80377 (Opcache misses executor_globals).
    • Fixed bug #80433 (Unable to disable the use of the AVX command when using JIT).
    • Fixed bug #80447 (Strange out of memory error when running with JIT).
    • Fixed bug #80480 (Segmentation fault with JIT enabled).
    • Fixed bug #80506 (Immediate SIGSEGV upon ini_set("opcache.jit_debug", 1)).
  • OpenSSL:
    • Fixed bug #80368 (OpenSSL extension fails to build against LibreSSL due to lack of OCB support).
  • PDO MySQL:
    • Fixed bug #80458 (PDOStatement::fetchAll() throws for upsert queries).
    • Fixed bug #63185 (nextRowset() ignores MySQL errors with native prepared statements).
    • Fixed bug #78152 (PDO::exec() - Bad error handling with multiple commands).
    • Fixed bug #66878 (Multiple rowsets not returned unless PDO statement object is unset()).
    • Fixed bug #70066 (Unexpected "Cannot execute queries while other unbuffered queries").
    • Fixed bug #71145 (Multiple statements in init command triggers unbuffered query error).
    • Fixed bug #76815 (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL).
    • Fixed bug #79872 (Can't execute query with pending result sets).
    • Fixed bug #79131 (PDO does not throw an exception when parameter values are missing).
    • Fixed bug #72368 (PdoStatement->execute() fails but does not throw an exception).
    • Fixed bug #62889 (LOAD DATA INFILE broken).
    • Fixed bug #67004 (Executing PDOStatement::fetch() more than once prevents releasing resultset).
    • Fixed bug #79132 (PDO re-uses parameter values from earlier calls to execute()).
  • Phar:
    • Fixed bug #73809 (Phar Zip parse crash - mmap fail).
    • Fixed bug #75102 (`PharData` says invalid checksum for valid tar).
    • Fixed bug #77322 (PharData::addEmptyDir('/') Possible integer overflow).
  • Phpdbg:
    • Fixed bug #76813 (Access violation near NULL on source operand).
  • SPL:
    • Fixed bug #62004 (SplFileObject: fgets after seek returns wrong line).
  • Standard:
    • Fixed bug #80366 (Return Value of zend_fstat() not Checked).
    • Fixed bug #77423 (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)
  • Tidy:
    • Fixed bug #77594 (ob_tidyhandler is never reset).
  • Tokenizer:
    • Fixed bug #80462 (Nullsafe operator tokenize with TOKEN_PARSE flag fails).
  • XML:
    • XmlParser opaque object renamed to XMLParser for consistency with other XML objects.
  • Zlib:
    • Fixed bug #48725 (Support for flushing in zlib stream).

Version 8.0.0

  • BZ2:
    • Fixed bug #71263 (fread() does not report bzip2.decompress errors).
  • CLI:
    • Allow debug server binding to an ephemeral port via `-S localhost:0`.
  • COM:
    • Fixed bug #55847 (DOTNET .NET 4.0 GAC new location).
    • Fixed bug #62474 (com_event_sink crashes on certain arguments).
  • Calendar:
    • Fixed bug #80007 (Potential type confusion in unixtojd() parameter parsing).
  • Core:
    • Fixed bug #36365 (scandir duplicates file name at every 65535th file).
    • Fixed bug #49555 (Fatal error "Function must be a string" message should be renamed).
    • Fixed bug #62294 (register_shutdown_function() does not correctly handle exit code).
    • Fixed bug #62609 (Allow implementing Traversable on abstract classes).
    • Fixed bug #65274 (Enhance undefined class constant error with class name).
    • Fixed bug #65275 (Calling exit() in a shutdown function does not change the exit value in CLI).
    • Fixed bug #69084 (Unclear error message when not implementing a renamed abstract trait function).
    • Fixed bug #70839 (Converting optional argument to variadic forbidden by LSP checks).
    • Fixed bug #74558 (Can't rebind closure returned by Closure::fromCallable()).
    • Fixed bug #77561 (Shebang line not stripped for non-primary script).
    • Fixed bug #77619 (Wrong reflection on MultipleIterator::__construct).
    • Fixed bug #77966 (Cannot alias a method named "namespace").
    • Fixed bug #78236 (convert error on receiving variables when duplicate [).
    • Fixed bug #78770 (Incorrect callability check inside internal methods).
    • Fixed bug #79108 (Referencing argument in a function makes it a reference in the stack trace).
    • Fixed bug #79368 ("Unexpected end of file" is not an acceptable error message).
    • Fixed bug #79462 (method_exists and property_exists incoherent behavior).
    • Fixed bug #79467 (data:// wrappers are writable).
    • Fixed bug #79521 (Check __set_state structure).
    • Fixed bug #79790 ("Illegal offset type" exception during AST evaluation not handled properly).
    • Fixed bug #79791 (Assertion failure when unsetting variable during binary op).
    • Fixed bug #79828 (Segfault when trying to access non-existing variable).
    • Fixed bug #79841 (Syntax error in configure / unescaped "[]" in php.m4).
    • Fixed bug #79852 (count(DOMNodeList) doesn't match count(IteratorIterator(DOMNodeList))).
    • Fixed bug #79867 (Promoted untyped properties should get null default value).
    • Fixed bug #79897 (Promoted constructor params with attribs cause crash).
    • Fixed bug #79927 (Generator doesn't throw exception after multiple yield from iterable).
    • Fixed bug #79946 (Build fails due to undeclared UINT32_C).
    • Fixed bug #79948 (Exit in auto-prepended file does not abort PHP execution).
    • Fixed bug #80045 (memleak after two set_exception_handler calls with __call).
    • Fixed bug #80096 (Segmentation fault with named arguments in nested call).
    • Fixed bug #80109 (Cannot skip arguments when extended debug is enabled).
    • Fixed bug #80225 (broken namespace usage in eval code).
    • Fixed bug #80258 (Windows Deduplication Enabled, randon permission errors).
    • Fixed bug #80280 (ADD_EXTENSION_DEP() fails for ext/standard and ext/date).
    • Fixed bug #80334 (assert() vs named parameters - confusing error).
    • Fixed bug #80055 (Abstract trait methods returning "self" cannot be fulfilled by traits).
    • Fixed faulty generator cleanup with yield from.
    • Implement #[Attr] Attribute syntax as per final vote in RFC https://wiki.php.net/rfc/shorter_attribute_syntax_change
    • Implemented FR #47074 (phpinfo() reports "On" as 1 for the some extensions).
    • Implemented FR #72089 (require() throws fatal error instead of exception).
    • Removed the pdo_odbc.db2_instance_name php.ini directive.
    • Use SSE2 instructions do locale independent strtolower.
  • Curl:
    • Bumped required libcurl version to 7.29.0.
    • Fixed bug #80121 (Null pointer deref if CurlHandle directly instantiated).
  • DOM:
    • Add property DOMXPath::$registerNodeNamespaces and constructor argument that allow global flag to configure query() or evaluate() calls.
    • Fixed bug #79968 (DOMChildNode API crash on unattached nodes).
    • Fixed bug #80268 (loadHTML() truncates at NUL bytes).
  • Date:
    • Fixed bug #60302 (DateTime::createFromFormat should new static(), not new self()).
    • Fixed bug #65547 (Default value for sunrise/sunset zenith still wrong).
    • Fixed bug #69044 (discrepancy between time and microtime).
    • Fixed bug #80057 (DateTimeImmutable::createFromFormat() does not populate time).
    • Implemented FR #79903 (datetime: new format "p", same as "P" but returning "Z" for UTC).
  • Enchant:
    • Add LIBENCHANT_VERSION macro.
    • Add enchant_dict_add and enchant_dict_is_added functions.
    • Deprecate enchant_broker_set_dict_path, enchant_broker_get_dict_path, enchant_dict_add_to_personal and enchant_dict_is_in_session.
    • Use libenchant-2 when available.
  • FFI:
    • Added FFI\CType::getName() method.
    • Fixed bug #79177 (FFI doesn't handle well PHP exceptions within callback).
    • Fixed bug #79749 (Converting FFI instances to bool fails).
  • FPM:
    • Add pm.status_listen option.
  • Fileinfo:
    • Upgrade to libmagic 5.39.
  • GD:
    • Added imagegetinterpolation().
    • Fixed bug #55005 (imagepolygon num_points requirement).
    • Made the $num_points parameter of php_imagepolygon optional.
    • Removed deprecated image2wbmp().
    • Removed deprecated png2wbmp() and jpeg2wbmp().
    • Replaced gd resources with objects.
  • IMAP:
    • Fixed bug #64076 (imap_sort() does not return FALSE on failure).
    • Fixed bug #76618 (segfault on imap_reopen).
    • Fixed bug #80213 (imap_mail_compose() segfaults on certain $bodies).
    • Fixed bug #80215 (imap_mail_compose() may modify by-val parameters).
    • Fixed bug #80216 (imap_mail_compose() does not validate types/encodings).
    • Fixed bug #80220 (imap_mail_compose() may leak memory).
    • Fixed bug #80223 (imap_mail_compose() leaks envelope on malformed bodies).
    • Fixed bug #80226 (imap_sort() leaks sortpgm memory).
    • Fixed bug #80239 (imap_rfc822_write_address() leaks memory).
    • Fixed bug #80242 (imap_mail_compose() segfaults for multipart with rfc822).
    • Fixed minor regression caused by fixing bug #80220.
  • Iconv:
    • Dropped support for iconv without proper errno setting.
  • Intl:
    • Removed deprecated INTL_IDNA_VARIANT_2003.
  • JIT:
    • Fixed bug #77857 (Wrong result if executed with JIT).
    • Fixed bug #79255 (PHP cannot be compiled with enable JIT).
    • Fixed bug #79582 (Crash seen when opcache.jit=1235 and opcache.jit_debug=2).
    • Fixed bug #79743 (Fatal error when assigning to array property with JIT enabled).
    • Fixed bug #79864 (JIT segfault in Symfony OptionsResolver).
    • Fixed bug #79888 (Incorrect execution with JIT enabled).
  • JSON:
    • The JSON extension is now an integral part of PHP and cannot be disabled as per RFC: https://wiki.php.net/rfc/always_enable_json (tandre)
  • LDAP:
    • Fixed memory leaks.
    • Removed deprecated ldap_sort.
  • MBString:
    • Fixed bug #76999 (mb_regex_set_options() return current options).
    • Removed the unused $is_hex parameter from mb_decode_numericentity().
  • MySQLi:
    • Fixed bug #76809 (SSL settings aren't respected when persistent connections are used).
  • Mysqlnd:
    • Fixed bug #60594 (mysqlnd exposes 160 lines of stats in phpinfo).
  • OCI8:
    • Deprecated old OCI8 function aliases.
    • Modernized oci_register_taf_callback() callable argument parsing implementation.
    • Removed obsolete no-op function oci_internal_debug().
  • ODBC:
    • Fixed bug #22986 (odbc_connect() may reuse persistent connection).
    • Fixed bug #44618 (Fetching may rely on uninitialized data).
  • Opcache:
    • Fixed bug #76535 (Opcache does not replay compile-time warnings).
    • Fixed bug #78654 (Incorrectly computed opcache checksum on files with non-ascii characters).
    • Fixed bug #79665 (ini_get() and opcache_get_configuration() inconsistency).
    • Fixed bug #80030 (Optimizer segfault with isset on static property with undef dynamic class name).
    • Fixed bug #80175 (PHP8 RC1 - JIT Buffer not working).
    • Fixed bug #80184 (Complex expression in while / if statements resolves to false incorrectly).
    • Fixed bug #80255 (Opcache bug (bad condition result) in 8.0.0rc1).
    • Fixed run-time binding of preloaded dynamically declared function.
  • OpenSSL:
    • Added Cryptographic Message Syntax (CMS) support.
  • PCRE:
    • Don't ignore invalid escape sequences.
    • Updated to PCRE2 10.35.
  • PDO:
    • Changed default PDO error mode to exceptions.
    • Fixed bug #77849 (Disable cloning of PDO handle/connection objects).
  • PDO_Firebird:
    • Fixed bug #64937 (Firebird PDO preprocessing sql).
  • PDO_OCI:
    • Added support for setting and getting the oracle OCI 18c call timeout.
  • PDO_PGSQL:
    • Bumped required libpq version to 9.1.
  • PGSQL:
    • Bumped required libpq version to 9.1.
  • Phpdbg:
    • Fixed bug #76596 (phpdbg support for display_errors=stderr).
    • Fixed bug #76801 (too many open files).
    • Fixed bug #77800 (phpdbg segfaults on listing some conditional breakpoints).
    • Fixed bug #77805 (phpdbg build fails when readline is shared).
  • Reflection:
    • Fixed bug #64592 (ReflectionClass::getMethods() returns methods out of scope).
    • Fixed bug #69180 (Reflection does not honor trait conflict resolution / method aliasing).
    • Fixed bug #74939 (Nested traits' aliased methods are lowercased).
    • Fixed bug #77325 (ReflectionClassConstant::$class returns wrong class when extending).
    • Fixed bug #78697 (ReflectionClass::implementsInterface - inaccurate error message with traits).
    • Fixed bug #80190 (ReflectionMethod::getReturnType() does not handle static as part of union type).
    • Fixed bug #80299 (ReflectionFunction->invokeArgs confused in arguments).
    • Fixed bug #80370 (getAttributes segfault on dynamic properties).
    • Implemented FR #79628 (Add $filter parameter for ReflectionClass::getConstants and ReflectionClass::getReflectionConstants) (carusogabriel)
    • Implement ReflectionProperty::hasDefaultValue and Reflection::getDefaultValue (beberlei)
  • SNMP:
    • Fixed bug #70461 (disable md5 code when it is not supported in net-snmp).
  • SPL:
    • Fixed bug #65006 (spl_autoload_register fails with multiple callables using self, same method).
    • Fixed bug #65387 (Circular references in SPL iterators are not garbage collected).
    • Fixed bug #71236 (Second call of spl_autoload_register() does nothing if it has no arguments).
    • Fixed bug #79987 (Memory leak in SplFileInfo because of missing zend_restore_error_handling()).
    • SplFixedArray is now IteratorAggregate rather than Iterator.
  • SQLite3:
    • Added SQLite3::setAuthorizer() and respective class constants.
  • Session:
    • Fixed bug #73529 (session_decode() silently fails on wrong input).
    • Fixed bug #78624 (session_gc return value for user defined session handlers).
  • Shmop:
    • Converted shmop resources to objects.
  • SimpleXML:
    • Fixed bug #63575 (Root elements are not properly cloned).
    • Fixed bug #75245 (Don't set content of elements with only whitespaces).
  • Sodium:
    • Fixed bug #77646 (sign_detached() strings not terminated).
  • Standard:
    • Don't force rebuild of symbol table, when populating $http_response_header variable by the HTTP stream wrapper.
    • Fixed bug #47983 (mixed LF and CRLF line endings in mail()).
    • Fixed bug #64060 (lstat_stat_variation7.phpt fails on certain file systems).
    • Fixed bug #75902 (str_replace should warn when misused with nested arrays).
    • Fixed bug #76859 (stream_get_line skips data if used with data-generating filter).
    • Fixed bug #77204 (getimagesize(): Read error! should mention file path).
    • Fixed bug #78385 (parse_url() does not include 'query' when question mark is the last char).
    • Fixed bug #79868 (Sorting with array_unique gives unwanted result).
    • Fixed bug #80256 (file_get_contents strip first line with chunked encoding redirect).
    • Fixed bug #80266 (parse_url silently drops port number 0).
    • Fixed bug #80290 (Double free when ASSERT_CALLBACK is used with a dynamic message).
    • Implemented FR #78638 (__PHP_Incomplete_Class should be final).
    • Made quoting of cmd execution functions consistent.
  • Tidy:
    • Removed the unused $use_include_path parameter from tidy_repair_string().
  • Tokenizer:
    • Fixed bug #80328 (PhpToken::getAll() confusing name).
  • XML:
    • Fixed bug #76874 (xml_parser_free() should never leak memory).
  • XMLWriter:
    • Changed functions to accept/return XMLWriter objects instead of resources.
    • Implemented FR #79344 (xmlwriter_write_attribute_ns: $prefix should be nullable).
    • Removed return types from XMLWriter stubs.
  • Zip:
    • Add "flags" options to ZipArchive::addGlob and addPattern methods keeping previous behavior having FL_OVERWRITE by default.
    • Add ZipArchive::EM_UNKNOWN and ZipArchive::EM_TRAD_PKWARE constants.
    • Add ZipArchive::isCompressionMethodSupported() and ZipArchive::isEncryptionMethodSupported() method (libzip 1.7.0).
    • Add ZipArchive::replaceFile() method.
    • Add ZipArchive::setCancelCallback method (since libzip 1.6.0).
    • Add ZipArchive::setMtimeName and ZipArchive::setMtimeIndex methods.
    • Add ZipArchive::setProgressCallback method (since libzip 1.3.0).
    • Add lastId property to ZipArchive.
    • Add optional "flags" parameter to ZipArchive::addEmptyDir, addFile and addFromString methods.
    • Fixed bug #50678 (files extracted by ZipArchive class lost their original modified time).
    • Fixed bug #72374 (remove_path strips first char of filename).
    • Implemented FR #77960 (add compression / encryption options for ZipArchive::addGlob and ZipArchive::addPattern).
    • ZipArchive::status and ZipArchive::statusSys properties and ZipArchive::getStatusString() method stay valid after the archive is closed.
  • Zlib:
    • Fixed bug #71417 (fread() does not report zlib.inflate errors).
    • Fixed bug #78792 (zlib.output_compression disabled by Content-Type: image/).
To Top