PHP 8.0.0rc1

PHP is a scripting language primarily suited for web applications. It's organically grown into a full-featured programming language, with huge semantic progress in recent years (apart from the namespace separator choice). Many features and extensions come built-in or can be dynamically loaded. Database interfaces, XML processing, regular expressions, networking and broad internet protocol support, IPC, internationalization, image manipulation, filesystem, contemporary cryptography support, file and data format support make the Zend-based PHP.net distribution the most general-purpose PHP runtime.

Tags php scripting programming-language web
License PHPL
State stable

Recent Releases

8.0.0rc130 Sep 2020 05:25 minor feature: Drop skipifemb.inc . some tests for libmysql. . Set-up IMAP in Azure. . IMAP tests. . Add system ID entropy API. . Adjust the order of method modifiers in stub. . UNKNOWN default value of apache_note(). . Separate Closure::bind() implementations. . mysqli build with mysqlnd and without PDO. . mysqli build with mysqlnd and without PDO. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.4'. . Only check linking in PHP_TEST_BUILD. . : parse_url does not accept URLs with port 0. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.4' into master. . Consolidate the usage of "either" and "one of" in error messages. . Update README for how to setup IMAP tests. . Add support for `@implementation-alias` in stubs. . : Erroneous whitespace match with JIT only. . Merge branch 'PHP-7.4' into master. . Initialize attributes for internal functions. . memory leak in php_imap_mutf7(). . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.4' into master. . Deprecate pgsql function aliases. . Standardize mbstring and string on using 'string' as a parameter name. . Use assertion for null-termination string. . detection of code outside namespace. . Move arm64 job to cron. . Improve default value handling of Exception constructors. . Use proper parameter type in Closure::bindTo() signature. . Remove unnecessary check. . Assert on unknown list entry type. . Synchronize GET_CLASS/GET_CALLED_CLASS opcodes with functions. . Promote warnings to Error in COM extension. . Remove dead code. . Promote PDORow property write to Error. . pg_unescape_bytea() can only fail on OOM. . Drop some connection retries in IMAP test. . a few Iterator signatures. . mmap copying. . Merge branch 'PHP-7.4' into master. . Check linker compatibility directly from HMODULE. . Remove redundant check. . Promote invalid field to ValueError in pgsql. . Make constant redeclaration a warning. . Convert exception instanceof checks to assertions. . Throw
8.0.0beta416 Sep 2020 03:15 minor feature: Avoid null pointer UB in accel blacklist . FE_FETCH_R_SIMPLE specialization. . Prepend compiler warning flags to CFLAG instead to append them. . Merge branch 'PHP-7.4'. . Eliminate some EX_CALL_INFO() checks. . Add more precise type info for stubs. . Eliminate useless EG(exception) checks aftr FE_RESET/FE_FETCH. . Add zend_observer API. . Update NEWS for PHP 8.0.0beta3. . Update NEWS for 8.0.0rc1. . Assert there are children in zend_generator_get_child(). . Disable ifunc resolvers under dataflow sanitizer. . Preallocate zval for unused result of internal function on CPU stack. . Merge branch 'PHP-7.4'. . by-ref list assign LIST_W+MAKE_REF separation. . Minimal JIT support for JMP_NULL. . Merge branch 'PHP-7.4'. . Move custom type checks to ZPP. . Improved JIT for VERIFY_RETURN_TYPE. . Added missing helper. . typo in test description. . X86: Fast CRC32 computation using PCLMULQDQ instruction. . Micro-optimization. . Merge branch 'PHP-7.4'. . Extend function blacklist in execute fuzzer. . hash: warning in the bench script. . libmagic: Move the allocation on the stack. . libmagic: Constify arg. . JIT for FE_FETCH_R.
8.0.0beta303 Sep 2020 17:05 minor feature: Update NEWS for PHP 8.0.0beta2 . Update NEWS for 8.0.0beta3. . : SoapClient stumbles over WSDL delivered with "Transfer-En . . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.4'. . Promote warnings to exceptions in ext/pspell. . register allocation for CASE instruction. CASE don't destroy fi . . Check for exception after this destruction. . more basic function stubs. . memory leak (ext/hash/tests/mhash_001.phpt failure). . : Manipulation on unattached DOMChildNode should throw DOME . . Update NEWS w.r.t to. tracing JIT crash in case SSA for op_array is not provided. . Shrink live intervals of IS_VAR/IS_TMP_VAR. . Load zval type into register to eliminate double load. . Promote warnings to exceptions in ext/gd. . micro-optimization. . efree() doesn't use line number arguments (pass zeros). . cleanup unused parameters. . Better registers usage. . Better register usage for ASSIGN_DIM_OP. . OCI8 classes were already renamed in 8; this now follows the new-new . . ensure installed ini don't interfere. . wrong datatype. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.4' into master. . sqlite3 linkage on some systems/package combination. . Merge branch 'PHP-7.4' into master. . fileinfo build proposal for haiku. . Squash a Linux compile warning. . : Potential type confusion in unixtojd() parameter parsing. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.4' into master. . : DOTNET.NET 4.0 GAC new location. . Update PHP-Parser from 4.3.0 to 4.9.0. . Remove custom hacks from gen_stub.php after PHP-Parser upgrade. . use-after-free introduced by aed1f78. . sapi/fpm/config.m4: check for libapparmor's aa_change_profile(). . Check variadic parameter for type and duplicate name. . : calc free space for new interned string is wrong. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.4' into master. . : str_ireplace with diacritics characters. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge bran
8.0.0beta220 Aug 2020 01:45 minor feature: Load ptoper IP value . Merge branch 'PHP-7.4'. . Run function JIT tests in nightly build. . Update azure macos builds to 10.15. . Merge branch 'PHP-7.4'. . Merge branch 'PHP-7.4'. . temporary register usage. . Don't skip fcall guard for method calls from trait. . Force type update if the previous value was in register only. . Improve wording and spelling consistency in UPGRADING. . Increase timeout on asan job. . Check non-zero in is_power_of_two(). . : Promoted constructor params with attribs cause crash. . Skip tests leaking because of preloading failure. . Add a few missing parameter types in stubs. . Add missing RETURN_THROWS(). . memory leaks caused by incorrect AVOID_REFCOUNTING flag. . Clear result type for exit point caused by JMPZ_EX/NZ_EX. . Remove some dead code in RECV type inference. . Remove unused recv_arg_info from func_info. . Add type inference support for RECV_VARIADIC. . We check result type guard in FETCH_DIM_R/IS only if index is long or . . Remove more unused func_info fields. . the default value handling of imagegif(). . Document the signature change of zend_get_closure_method_def(). . Merge branch 'PHP-7.4'. . JIT when result of ASSIGN is in register, but the original vari . . Make check in RECV_VARIADIC more precise. . Also run function jit tests on macos. . Update i386 job to Ubuntu 20.04. . Warning to ValueError promotion in Intl extension Part 1. . ValueError for empty path in stream code. . Promote empty filename to ValueError in BZ2 extension. . Change leftover RETURN_FALSE to RETURN_THROWS() from 4095c0a. . Throw ValueError on empty tag in enchant_broker_request_dict(). . Implement named parameters. . Get rid of empty function entries. . Allow overriding completion in `auto_prepend_file`. . Convert resources to objects in ext/openssl. . Bump timeout again. . Add a few missing types to stubs. . skip ci grammar/typo nits in docs. . Ensure correct signatures for magic methods. . Bump timeouts,
8.0.0beta105 Aug 2020 13:05 minor feature: Merge branch 'PHP-7.4' . brittle test. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.4'. . build. . cut/paste error in expected test output. . Make test decimal to binary conversion expectation more tolerant. . Try to bit NTS build. . some clang warnings. . Avoid register reloading. . DynASM failure. . Revert "DynASM failure". . bit build. . We track only arguments of user functions on abstract stack. . Remove no longer needed stdint compatibility defines. . Don't record "fake" closures. . : PHP_CONFIG_FILE_PATH is meaningless. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.4'. . : convert error on receiving variables when duplicate . . Cleanup SPL instantiation code. . Allow keeping result of FETCH_DIM_R in CPU register. . Simplify user_stream_create_object. . Use zend_call_method in SoapFault::__toString(). . Cleanup abstract test usage. . Security: update to LiteSpeed SAPI v7.7 to address an buffer overflow . . Merge branch 'PHP-7.2' into PHP-7.3. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.4'. . Address some compiler warnings. . Implement nullsafe ?- operator. . Make nested ternary without parentheses a compile error. . Add the Z_PARAM_PATH_OR_NULL() and Z_PARAM_ZVAL_OR_NULL() macros. . Avoid UNKNOWN default in PDO::query(). . Validate collator earlier during sort. . . Result of branching opcode in side trace is unknown. . More consistent parameter names for date/time functions. . Support class+mask union for internal argument. . Cleanup argument handling in ext/reflection. . RFC Make string length for getTraceAsString() configurable. . PHP-7.4 is 7.4.10-dev now. . Merge branch 'PHP-7.4'. . Another pass of improving ext/date argument names. . memory leaks. . type in comment. . Add AST export support for nullsafe operator. . null pointer deref in compile_return(). . : File extensions are case-sensitive. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.4
8.0.0alpha322 Jul 2020 15:45 minor feature: Merge branch 'PHP-7.4' . Remove leftover decomment. . Update to PCRE2 10.35. . Merge branch 'PHP-7.4'. . Load constant value only if necessary. . Add support for forcing regeneration of arginfo files. . Treat attribute argument lists like normal argument lists. . ci skip Merge branch 'PHP-7.4'. . Merge branch 'PHP-7.4'. . JMP optimization. . func info for get_class_methods(). . Merge branch 'PHP-7.4'. . Better instruction selection. . IS_INDIRECT handling. . Merge branch 'PHP-7.4'. . IS_UNDEF handling. . Merge branch 'PHP-7.4'. . Removed already implemented TODO comment. . Use zend_string_equals API in a couple places. . . Added stubs for ext/oci8. . Reuse warning function. . sapi_windows_vt100_support() arginfo. . display info about system used to build and its provider. . define build system and provider on Windows. . skip ci add upgrade note. . Correctly determine arg name of USER_ARG_INFO functions. . ReflectionMethod::invoke() object is not optional. . Add string or object ZPP macros. . skip-ci Add README for ext/mysqli tests. . More accurate reference-counter inference. . More accurate reference-counter inference. . refactor: class constants parsing. . Avoid some unnecessary uses of no_separation=0. . Remove requirements for proto comments from CODING_STANDARDS. . Remove proto comments from C files. . a few comments. . Refactor levenshtein(). . Update NEWS for PHP 8.0.0alpha2. . Update NEWS for 8.0.0alpha3. . Don't allow separation in callback filter. . Disallow separation in a number of callbacks. . Don't allow separation in CallbackFilterIterator. . Don't allow separation in array functions. . up test. . Explicitly create references in UConverter callbacks. . Remove no_separation flag. . Merge branch 'PHP-7.4'. . Merge branch 'PHP-7.4'. . Merge branch 'PHP-7.4'. . . Remove ZEND_VM_EXPORT functionality. . Remove #undefs from vm_gen. . Assert exception set in HANDLE_EXCEPTION(). . Assert no exception
7.4.812 Jul 2020 19:25 minor feature: Update NEWS for PHP 7.4.8RC1 . Turn into marker. . Update NEWS for PHP 7.4.8. . Revert "Partial (Altering disable_functions from mod . . Update versions for PHP 7.4.8.
8.0.0alpha208 Jul 2020 01:05 minor feature: ::getStaticProperties() ignores property modifications. . Merge branch 'PHP-7.4'. . Revert ": ::getStaticProperties() ignores property modifica . . Merge branch 'PHP-7.4'. . Use standard bool type in EXIF extension. . Improved JIT for RECV and RECV_INIT instructions. . Remove outdated PHPDoc from ext/enchant's stub. . Increase failure threshold for 'extensive backtracking' fileinfo test. . Include stub hash in generated arginfo files. . : ::getStaticProperties() ignores property modifications. . Merge branch 'PHP-7.4'. . Skip two curl tests under asan. . Mark phpdbg test as XFAIL on Windows with JIT enabled. . verify arg jit for references. . Add test case for previous commit. . : ::getStaticPropertyValue() throws on protected props. . Merge branch 'PHP-7.4'. . potential environment variable deadlock. . Merge branch 'PHP-7.4'. . Add flag to forbid dynamic property creation on internal classes. . Add ZEND_ACC_NO_DYNAMIC_PROPERTIES flag to SysvMessageQueue. . Properly initialize displaysize. . crypt_r detection. . Handle *0 / *1 more consistently. . Merge branch 'PHP-7.4'. . Enforce min/max rounds in sha256/sha512 crypt. . Remove deprecated DES fallback in crypt(). . potential use-after-scope if crypt_r is used. . Remove unnecessary PHPDoc-alike blocks from tests. . typos in test cases for crypt_sha 256,512 . . Clean house in cryptographic hashing code. . Convert shmop resources to opaque objects. . Use usec from apache request time. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.4'. . Add the ZEND_ACC_NO_DYNAMIC_PROPERTIES flag to Shmop. . Make SimpleXMLElement a RecursiveIterator. . Introduce InternalIterator. . Generate tabs in generate_mime_type_map.php. . Sort extensions alphabetically. . Update UPGRADING.INTERNALS re: removed --disable-inline-optimization . . Correct comment in plain_wrapper.c (refers to microseconds, not milli . . comment to match function name for php_replace_controlchars_ex. . Remove
8.0.0alpha124 Jun 2020 20:25 minor feature: small typo in comment . Move upgrading note for mixed. . some line overruns in UPGRADING. . Add UPGRADING note for xmlrpc unbundling. . Add UPGRADING note for pty support. . php_get_args function info return type and add arg check. . tracing JIT for closure run_time_cache access. . Merge branch 'PHP-7.4'. . retutn type inference when return undefined variable. . Add some mixed types. . Merge branch 'PHP-7.4'. . Afdded misse MAY_BE_ARRAY_ flags. . Tracing JIT support for indirect CV modification (may be incomplete). . Merge branch 'PHP-7.4'. . Skip new test case on Windows when JIT is enabled. . Added missed helper. . Avoid reference counting when RETURN CV. . d out token IDs in test. . Handle VM interrupts after DO_ICALL through side exits. . Merge branch 'PHP-7.4'. . Merge branch 'PHP-7.4'. . Use cheaper zend_rethrow_exception() instead of zend_throw_exception_ . . : ini_get() and opcache_get_configuration() inconsistency. . Avoid useless REFCOUNTED check. . typo in skipif section. . Avoid useless register reload. . "call_info" doesn't matter. . abstract stack consistency for JMPZ_EX/JMPNZ_EX. . Tracing JIT for FETCH_DIM_FUNC_ARG and FETCH_OBJ_FUNC_ARG when they a . . Merge branch 'PHP-7.4'. . Merge branch 'PHP-7.4'. . Remove MYSQLND_COMPRESSION_WANTED define. . Improved tracing JIT for FETCH_OBJ_R/IS. . Implement #47074: phpinfo() reports "On" as 1 for the some extensions. . Prefer shorter x86 instructions. . Add guard for FETCH_DIM_FUNC_ARG. . Merge branch 'PHP-7.4'. . Add Attributes. . Add upgrading note for Attributes RFC. . in_array() avoid internal property access as we have the arrlen already. . weird zend_bool usage in Intl Calendar::roll() method. . Avoid useless "mov". . phpdbg watchpoints wrt. negative_array_index RFC. . : Throw Error on require failure. . Pass zend_string message to zend_error_cb. . Merge branch 'PHP-7.4'. . Don't leak attributes on internal classes. . Free attribute validators on shutdown
7.4.710 Jun 2020 19:25 minor feature: Merge branch 'PHP-7.3' into PHP-7.4 . Add tidy.php to enforce formatting. . Apply tidy formatting. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.3' into PHP-7.4. . : Copied cURL handles upload empty file. . Merge branch 'PHP-7.3' into PHP-7.4 ci skip . . Merge branch 'PHP-7.3' into PHP-7.4. . NEWS ci skip . . Make opcodes to return de-refereced values of typed references (in th . . Merge branch 'PHP-7.3' into PHP-7.4. . PCRE: Check whether start offset is on char boundary. . PCRE: Only remember valid UTF-8 if start offset zero. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.3' into PHP-7.4. . Update bundled stdxx check macros. . : Garbage collecting variant objects segfaults. . Merge branch 'PHP-7.3' into PHP-7.4. . (php crashes during parsing INI file). (Laruence). . Remove hint to security purpose of disable_functions. . Merge branch 'PHP-7.3' into PHP-7.4. . . Remove value from comment in php.ini files. . Merge branch 'PHP-7.3' into PHP-7.4. . Azure MacOS build. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.3' into PHP-7.4. . Null Pointer Dereference in PHP Session Upload Progress. . Files added to tar with Phar::buildFromIterator have . . # 79171: heap-buffer-overflow in phar_extract_file. . Disable instantiation of zero size FFI CData objects. . Create a new console for each test worker on Windows. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.3' into PHP-7.4. . Merge branch 'PHP-7.3' into PHP-7.4. . Don't use VLA in mysqlnd auth. . Merge branch 'PHP-7.3' into PHP-7.4. . Update Ubuntu version on Azure. . Merge branch 'PHP-7.3' into PHP-7.4. . Don't use asm arithmetic under msan. . Merge branch 'PHP-7.3' into PHP-7.4. . (operator displayed instead of the real error message). . (PHP-FPM Primary script unknown). . Merge branch 'PHP-7.3' into
7.0.727 May 2016 01:20 major bugfix: Core: Fixed bug #72162 (use-after-free - error_reporting). Add compiler option to disable special case function calls. Fixed bug #72101 (crash on complex code). Fixed bug #72100 (implode() inserts garbage into resulting string when joins very big integer). Fixed bug #72057 (PHP Hangs when using custom error handler and typehint). Fixed bug #72038 (Function calls with values to a by-ref parameter don't always throw a notice). Fixed bug #71737 (Memory leak in closure with parameter named this). Fixed bug #72059 (?? is not allowed on constant expressions). Fixed bug #72159 (Imported Class Overrides Local Class Name). Curl: Fixed bug #68658 (Define CURLE_SSL_CACERT_BADFILE). DBA: Fixed bug #72157 (use-after-free caused by dba_open). GD: Fixed bug #72227 (imagescale out-of-bounds read). (CVE-2013-7456) Intl: Fixed bug #72241 (get_icu_value_internal out-of-bounds read). (CVE-2016-5093) JSON: Fixed bug #72069 (Behavior JsonSerializable different from json_encode). Mbstring: Fixed bug #72164 (Null Pointer Dereference - mb_ereg_replace). OCI8: Fixed bug #71600 (oci_fetch_all segfaults when selecting more than eight columns). Opcache: Fixed bug #72014 (Including a file with anonymous classes multiple times leads to fatal error). OpenSSL: Fixed bug #72165 (Null pointer dereference - openssl_csr_new). PCNTL: Fixed bug #72154 (pcntl_wait/pcntl_waitpid array internal structure overwrite). POSIX: Fixed bug #72133 (php_posix_group_to_array crashes if gr_passwd is NULL). Postgres: Fixed bug #72028 (pg_query_params(): NULL converts to empty string). Fixed bug #71062 (pg_convert() doesn't accept ISO 8601 for datatype timestamp). Fixed bug #72151 (mysqli_fetch_object changed behaviour).
7.0.531 Mar 2016 14:30 major bugfix: Call-by-reference widens scope to uninvolved functions when used in switch, Possible crash in zend_bin_strtod, zend_oct_strtod, zend_hex_strtod, Global variables are reserved before execution, Out-of-bounds access in php_url_decode in context php_stream_url_wrap_rfc2397, Strings used in pass-as-reference cannot be used to invoke C:: callable(, Segmentation fault on ZTS with date function (setlocale, Integer overflow in zend_mm_alloc_heap(, Leaked 1 hashtable iterators, ISO C does not allow extra ; outside of a function, yield from does not count EOLs, ReflectionMethod::getDocComment returns the wrong comment, php_strip_whitespace(, `php -R` (PHP_MODE_PROCESS_STDIN, Call-by-reference widens scope to uninvolved functions when used in switch, Possible crash in zend_bin_strtod, zend_oct_strtod, zend_hex_strtod, Global variables are reserved before execution, Out-of-bounds access in php_url_decode in context php_stream_url_wrap_rfc2397, Strings used in pass-as-reference cannot be used to invoke C:: callable(, Segmentation fault on ZTS with date function (setlocale, Integer overflow in zend_mm_alloc_heap(, Leaked 1 hashtable iterators, ISO C does not allow extra ; outside of a function, yield from does not count EOLs, ReflectionMethod::getDocComment returns the wrong comment, php_strip_whitespace(, `php -R` (PHP_MODE_PROCESS_STDIN, Support MKCALENDAR request method, Support MKCALENDAR request method, Support constant CURLM_ADDED_ALREADY, Support constant CURLM_ADDED_ALREADY, DatePeriod::getEndDate segfault, DatePeriod::getEndDate segfault, Buffer over-write in finfo_open with malformed magic file, Buffer over-write in finfo_open with malformed magic file, Access Violation crashes php-cgi.exe, Access Violation crashes php-cgi.exe, AddressSanitizer: negative-size-param (-1, AddressSanitizer: negative-size-param (-1, Executing prepared statements is succesfull only for the first two statements, Executing prepared statements is succesfull only for the first two statements
7.0.118 Dec 2015 22:41 major bugfix: Several bugs have been fixed. Format String Vulnerability in Class Name Error Message. Compile fails on system with 160 CPUs. Symbol referencing errors on Sparc/Solaris. When using parentClass:: instead of parent::, static context changed. Segfault when combining error handler with output buffering. Weird error handling for __toString when Error is thrown. Invalid opcode while using ::class as trait method paramater default value. try finally can create infinite chains of exceptions. Two errors messages are in conflict. yield from incorrectly marks valid generator as finished. buildconf failure in extensions. SAPI build problem on AIX: Undefined symbol: php_register_internal_extensions. Fixed int (or generally every scalar type name with leading backslash) to not be accepted as type name. Fixed exception not being thrown immediately into a generator yielding from an array. static::class within Closure::call() causes segfault. Incorrect exception handler with yield from. Fixed double free in error condition of format printer.
7.0.0rc124 Aug 2015 18:25 minor feature: PHP 7.0.0 RC 1 contains fixes for 27 reported bugs, and altogether over 200 commits with various stability improvements for database, array, assert, streams and other functionality. PHP 7.0.0 comes with new version of the Zend Engine with features such as: Improved performance: PHP 7 is up to twice as fast as PHP 5.6. Consistent 64-bit support. Many fatal errors are now Exceptions. Removal of old and unsupported SAPIs and extensions. The null coalescing operator (??). Combined comparison Operator (). Return Type Declarations. Scalar Type Declarations. Anonymous Classes.
7.0.0-alpha112 Jun 2015 21:35 major feature: PHP 7.0.0 Alpha 1 is a non-production development preview of the PHP7 major series with new version of the Zend Engine. The list of new features entails: Improved performance: up to twice as fast as PHP 5.6. Consistent 64-bit support. Many fatal errors are now Exceptions. Removal of old and unsupported SAPIs and extensions. The null coalescing operator (??). Combined comparison Operator (). Return Type Declarations. Scalar Type Declarations. Anonymous Classes.
5.6.1012 Jun 2015 21:25 minor bugfix: Temp. directory is cached during multiple requests, Conditional jump or move depends on uninitialised value in extension trait, Strange generator+exception+variadic crash, complex GLOB_BRACE fails on Windows, OS command injection vulnerability in escapeshellarg, Incorrect handling of paths with NULs, temp. directory is cached during multiple requests, Conditional jump or move depends on uninitialised value in extension trait, Strange generator+exception+variadic crash, complex GLOB_BRACE fails on Windows, OS command injection vulnerability in escapeshellarg, Incorrect handling of paths with NULs, Integer overflow in ftp_genlist(, Integer overflow in ftp_genlist(, GD fails to build with newer libvpx, GD fails to build with newer libvpx, iconv with //IGNORE cuts the string, iconv with //IGNORE cuts the string, Unchecked return value, Unchecked return value, mail(, mail(, ) (Leigh, ) (Leigh, Memory leak with opcache.optimization_level=0xFFFFFFFF, Memory leak with opcache.optimization_level=0xFFFFFFFF, CVE-2015-2325, CVE-2015-2326, CVE-2015-2325, CVE-2015-2326, phar symlink in binary directory broken, phar symlink in binary directory broken, segfault in php_pgsql_meta_data, segfault in php_pgsql_meta_data.
5.6.720 Mar 2015 23:45 major bugfix: Core: leaks when unused inner class use traits precedence. Crash in gc_zval_possible_root on unserialize. Segfault in get_current_user when script owner is not in passwd with ZTS build. Segfault when calling ob_start from output buffering callback. pointer returned by php_stream_fopen_temporary_file not validated in memory.c. Exception with invalid character causes segv. Missing arguments in reflection info for some builtin functions. Use After Free Vulnerability in unserialize(). (CVE-2015-0231) Per Directory Values overrides PHP_INI_SYSTEM configuration options. move_uploaded_file allows nulls in path. CGI: php-cgi's getopt does not see argv. CLI: auto_prepend_file messes up __LINE__. cURL: PHP_MINIT_FUNCTION does not fully initialize cURL on Win32. Add CURLPROXY_SOCKS4A and CURLPROXY_SOCKS5_HOSTNAME constants if supported by libcurl. Ereg: heap overflow vulnerability in regcomp.c. (CVE-2015-2305) FPM: request time is reset too early. ODBC: Allowed memory size exhausted with odbc_exec. Opcache: Opcache causes problem when passing a variable variable to a function. Array numeric string as key. switch(SOMECONSTANT) misbehaves. OpenSSL: Segmentation fault at openssl_spki_new. encrypted streams don't observe socket timeouts. use strict peer_fingerprint input checks. IP Address fields in subjectAltNames not used. SAN match fails with trailing DNS dot. Add signatureType to openssl_x509_parse. Inconsistent stream crypto values across versions. pgsql: pg_update() fails to store infinite values. Readline: Null dereference in readline_(read write)_history() without parameters. SOAP: SoapClient's __call() type confusion through unserialize(). SPL: "Segmentation fault" when (de)serializing SplObjectStorage. RecursiveDirectoryIterator::seek(0) broken after calling getChildren(). ZIP: ZIP Integer Overflow leads to writing past heap boundary. (CVE-2015-2331)
5.6.419 Dec 2014 11:45 major bugfix: Some Zend headers lack appropriate extern "C" blocks, Segfault while pre-evaluating a disabled function, "Inconsistent insteadof definition."- incorrectly triggered, Inconsistency in example php.ini comments, "unset( this, Incorrect argument reflection info for array_multisort(, NULL pointer dereference in unserialize.c, Array constant not accepted for array parameter default, Use after free vulnerability in unserialize(, Some Zend headers lack appropriate extern "C" blocks, Segfault while pre-evaluating a disabled function, "Inconsistent insteadof definition."- incorrectly triggered, Inconsistency in example php.ini comments, "unset( this, Incorrect argument reflection info for array_multisort(, NULL pointer dereference in unserialize.c, Array constant not accepted for array parameter default, Use after free vulnerability in unserialize(, fpm_unix_init_main ignores log_level, listen=9000 listens to ipv6 localhost instead of all addresses, access.format=' R' doesn't log ipv6 address, PHP-FPM will no longer load all pools, listen.allowed_clients is IPv4 only, php-fpm man page is oudated, Change pm.start_servers default warning to notice, listen.allowed_clients can silently result in no allowed access, php-fpm conf files loading order, access.log don't use prefix, fpm_unix_init_main ignores log_level, listen=9000 listens to ipv6 localhost instead of all addresses, access.format=' R' doesn't log ipv6 address, PHP-FPM will no longer load all pools, listen.allowed_clients is IPv4 only, php-fpm man page is oudated, Change pm.start_servers default warning to notice, listen.allowed_clients can silently result in no allowed access, php-fpm conf files loading order, access.log don't use prefix, build error with gmp 4.1, build error with gmp 4.1, PDO_PGSQL::beginTransaction(, Matteo, PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving, Matteo, PDO_PGSQL::beginTransaction(, Matteo, PDO::PARAM_BOOL and ATTR_EMULATE_PREPARES misbehaving, Matteo, Session custom storage callable
5.6.314 Nov 2014 07:25 security: Implemented 64-bit format codes for pack() and unpack(). proc_open on Windows hangs forever, A foreach on an array returned from a function not doing copy-on-write, Windows 8.1/Server 2012 R2 OS build number reported as 6.2 (instead of 6.3, DOMNodeList elements should be accessible through array notation, AddressSanitizer reports a heap buffer overflow in php_getopt(, a- foo .= 'test'; can leave a- foo undefined, parse_url(, zend_mm_heap corrupted after memory overflow in zend_hash_copy, libmagic: don't assume char is signed, buffer-overflow in libmagic/readcdf.c caught by AddressSanitizer, fileinfo: out-of-bounds read in elf note headers, PHP-FPM incorrectly defines the SCRIPT_NAME variable when using Apache, mod_proxy-fcgi and ProxyPass, listen and listen.allowed_clients should take IPv6 addresses, imagescale, imagescale, and gmp_random_bits(, GMP memory management conflicts with other libraries using GMP, linker error on some OS X machines with fixed width decimal support, ODBC not correctly reading DATE column when preceded by a VARCHAR column, Allow to use system cipher list instead of hardcoded value, PDO::pgsqlGetNotify doesn't support NOTIFY payloads, Segmentation fault on statement deallocation, Duplicate entry in Reflection for class alias, Regression in RecursiveRegexIterator,
5.6.217 Oct 2014 04:00 security: Integer overflow in unserialize, NULL byte injection - cURL lib, Heap corruption in exif_thumbnail, Global buffer overflow in mkgmtime
5.6.106 Oct 2014 03:40 minor bugfix: Fixes for parse_ini_file, SIGSEGV during zend_shutdown, Crash on SIGTERM in apache process, program_prefix not honoured in man pages, Segfault when extending interface method with variadic, Incorrect last used array index copied to new array after unset, New Posthandler Potential Illegal efree, SIGSEGV during zend_shutdown, Crash on SIGTERM in apache process, program_prefix not honoured in man pages, Segfault when extending interface method with variadic, Incorrect last used array index copied to new array after unset, New Posthandler Potential Illegal efree, finfo::file, finfo::file, Using GMP objects with overloaded operators can cause memory exhaustion, gmp_init, and gmp_export, Using GMP objects with overloaded operators can cause memory exhaustion, gmp_init, and gmp_export, mysqli does not handle 4-byte floats correctly, mysqli does not handle 4-byte floats correctly, extension won't build if openssl compiled without SSLv3, extension won't build if openssl compiled without SSLv3, compile error without ZEND_SIGNALS, compile error without ZEND_SIGNALS, SoapClient prepends 0-byte to cookie names, SoapClient prepends 0-byte to cookie names, SessionHandler Invalid memory read create_sid, SessionHandler Invalid memory read create_sid, Add optional nowait argument to sem_acquire, Add optional nowait argument to sem_acquire
5.6.028 Aug 2014 12:25 minor bugfix: This version introduces constant scalar expressions, variadic functions, and argument unpacking syntax, an exponentiation operator, function and constant importing with the use keyword, phpdbg as an interactive integrated debugger SAPI. It also adds php://input attribute changes as well as POST data parsing mechanism, and GMP objects now support operator overloading. Files larger than 2 gigabytes in size are now accepted. It constraints some language behaviour in that array keys won't be overwritten when defining an array as a property of a class via an array literal. json_decode() is more strict in JSON syntax parsing. Stream wrappers now verify peer certificates and host names by default when using SSL/TLS. GMP resources are now objects instead of resources. Mcrypt functions now require valid keys and IVs.
5.5.1624 Aug 2014 14:35 minor bugfix: COM: Fixed missing type checks in com_event_sink (Yussuf Khalil, Stas). Fileinfo: Fixed bug #67705 (extensive backtracking in rule regular expression). CVE-2014-3538) (Remi) Fixed bug #67716 (Segfault in cdf.c). (CVE-2014-3587) (Remi) FPM: Fixed bug #67635 (php links to systemd libraries without using pkg-config). pacho@gentoo.org, Remi) GD: Fixed bug #66901 (php-gd 'c_color' NULL pointer dereference). CVE-2014-2497) (Remi) Fixed bug #67730 (Null byte injection possible with imagexxx functions). CVE-2014-5120) (Ryan Mauger) Milter: Fixed bug #67715 (php-milter does not build and crashes randomly). (Mike) OpenSSL: Fixed missing type checks in OpenSSL options (Yussuf Khalil, Stas). readline: Fixed bug #55496 (Interactive mode doesn't force a newline before the prompt). (Bob, Johannes) Fixed bug #67496 (Save command history when exiting interactive shell with control-c). (Dmitry Saprykin, Johannes) Sessions: Fixed missing type checks in php_session_create_id (Yussuf Khalil, Stas). Core: Fixed bug #67693 (incorrect push to the empty array) (Tjerk) Fixed bug #67717 (segfault in dns_get_record). (CVE-2014-3597) (Remi) ODBC: Fixed bug #60616 (odbc_fetch_into returns junk data at end of multi-byte char fields). (Keyur)