Introduces C-side interned string registry (frankenphp_strings) and a frankenphp_server_vars struct to bulk-register known $_SERVER variables with pre-sized hashtable capacity.
Prevent crashes when `php.ini` references PHP extensions using relative
paths, and FrankenPHP is started from a different working directory than
the one containing extensions, or with `caddy start` (instead of `caddy
run`).
---------
Co-authored-by: Claude Opus 4.6 <noreply@anthropic.com>
Adds `XDG_CONFIG_HOME` and `XDG_DATA_HOME` to the example hardened image
docs, otherwise Caddy will fail to use the nonexistent /home directory
instead of `/data/caddy` and `/config/caddy`.
Also removes an unnecessary `--chown=nonroot:nonroot`.
This PR uses `zend_array_dup` to simplify and optimize the environment sandboxing
logic. It also guarantees no environment leakage on FrankenPHP restarts.
Revert the INI snapshot/restore mechanism from #2139 which caused
issues with frameworks that lazily set ini values like session.save_path
(#2185). Replace the session handler snapshot/restore with a simpler
direct session state reset from #2193, which preserves mod_user_names
across requests without requiring session module reload.
Co-Authored-By: Xavier Leune <xavier.leune@gmail.com>
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
GCC 12 on Debian Bookworm i386 emits a spurious -Werror=use-after-free
in libstdc++ basic_string.h when compiling e-dant/watcher, causing
Docker builds to fail.
Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
In #2205 it appears that workers could be reported in metrics as "ready"
before they are actually ready. This changes the reporting so that
workers are only reported ready once they have completed booting.
Signed-off-by: Robert Landers <landers.robert@gmail.com>
Automatically sets `ignore_user_abort` to true in worker mode as
mentioned in #2186, removing the requirement to change it via ini.
Would also be possible to expose something like an explicit
`frankenphp_client_has_closed()` function for in-between critical
sections.
---------
Co-authored-by: Marc <m@pyc.ac>
closes https://github.com/php/frankenphp/pull/1753
closes https://github.com/php/frankenphp/issues/2156
As per discussion here
https://github.com/php/frankenphp/discussions/2060#discussioncomment-15299936
I went ahead with different repos for different php versions. Versioned
support with stuff like `apt install frankenphp8.5` or `apk add
frankenphp85` are technically also ready, but I'm not running any CI for
that yet. I don't think it's worth it at this point as it would double
the amount of runs.
The old debian repository with only 8.4 is deprecated but will receive
updates for a few more months.
Every update/installation will print this notice, though, which will
hopefully make everyone aware:
```console
# running update from 8.4.15...
Unpacking php-zts-cli (8.4.16-1) ...
Setting up php-zts-cli (8.4.16-1) ...
================================================================================
⚠️ DEPRECATION NOTICE
================================================================================
The single-version php-zts repository is deprecated and will no longer receive updates.
Please migrate to the new repository with different PHP versions available.
More information: https://pkgs.henderkes.com
================================================================================
```
Updated the installer to version 8.5.
Compute base-image fingerprint from bake metadata and store it under a vendor label. Add a local test script to reproduce the fingerprint and compare runs.
Co-authored-by: Tim Nelles <tim.nelles@denkwerk.com>
