Version 8.1.9

• CLI:
  • Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable.
  • Fixed (Intentionally closing std handles no longer possible).
• Core:
  • Fixed bug (error_log on Windows can hold the file write lock).
  • Fixed bug (WeakMap object reference offset causing TypeError).
• Date:
  • (DatePeriod doesn't warn with custom DateTimeImmutable).
• FPM:
  • Fixed zlog message prepend, free on incorrect address.
  • Fixed possible double free on configuration loading failure. (Heiko Weber).
• GD:
  • Fixed bug (imagecopyresized() error refers to the wrong argument).
• Intl:
  • Fixed build for ICU 69.x and onwards.
• OPcache:
  • Fixed bug (PHP hanging infinitly at 100% cpu when check php syntaxe of a valid file).
  • Fixed bug (Segfault with JIT and large match/switch statements).
• Reflection:
  • Fixed bug (Fixed Reflection::getModifiersNames() with readonly modifier).
• Standard:
  • Fixed the crypt_sha256/512 api build with clang > 12.
  • Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier).
  • Fixed bug (php_stream_sock_open_from_socket could return NULL).

Version 8.1.8

• Core:
  • Fixed bug (Intel CET is disabled unintentionally).
  • Fixed leak in Enum::from/tryFrom for internal enums when using JIT
  • Fixed calling internal methods with a static return type from extension code.
  • Fixed bug (Casting an object to array does not unwrap refcount=1 references).
  • Fixed potential use after free in php_binary_init().
• CLI:
  • Fixed (Intentionally closing std handles no longer possible).
• COM:
  • Fixed bug (Integer arithmethic with large number variants fails).
• Curl:
  • Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.
• Date:
  • (Null-byte injection in CreateFromFormat and related functions).
  • (DST timezone abbreviation has incorrect offset).
  • (Weekdays are calculated incorrectly for negative years).
  • (timezone_open accepts invalid timezone string argument).
• Fileinfo:
  • (Heap buffer overflow in finfo_buffer). (CVE-2022-31627)
• FPM:
  • (fpm: syslog.ident don't work).
• GD:
  • Fixed imagecreatefromavif() memory leak.
• MBString:
  • mb_detect_encoding recognizes all letters in Czech alphabet
  • mb_detect_encoding recognizes all letters in Hungarian alphabet
  • Fixed bug (pcre not ready at mbstring startup).
  • Backwards-compatible mappings for 0x5C/0x7E in Shift-JIS are restored, after they had been changed in 8.1.0.
• ODBC:
  • Fixed handling of single-key connection strings.
• OPcache:
  • Fixed bug (tracing JIT crash after private instance method change).
• OpenSSL:
  • (Several openssl functions ignore the VCWD).
  • (NULL byte injection in several OpenSSL functions working with certificates).
• PDO_ODBC:
  • Fixed handling of single-key connection strings.
• Zip:
  • Fixed bug (ZipArchive::close deletes zip file without updating stat cache).

Version 8.1.7

• CLI:
  • Fixed bug (CLI closes standard streams too early).
• Date:
  • (strtotime plurals / incorrect time).
  • (Datetime fails to parse an ISO 8601 ordinal date (extended format)).
  • (DateTime object does not support short ISO 8601 time format - YYYY-MM-DDTHH)
  • (Timezones and offsets are not properly used when working with dates)
  • (date parsing fails when provided with timezones including seconds).
  • Fixed bug (Problems with negative timestamps and fractions).
• FPM:
  • Fixed ACL build check on MacOS.
  • : php-fpm writes empty fcgi record causing nginx 502.
• mysqlnd:
  • : mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
• OPcache:
  • Fixed bug (tracing JIT crash after function/method change).
• OpenSSL:
  • (error:14095126:SSL routines:ssl3_read_n:unexpected eof while reading).
• Pcntl:
  • Fixed Haiku build.
• pgsql:
  • : Uninitialized array in pg_query_params(). (CVE-2022-31625)
• Soap:
  • Fixed bug (Error on wrong parameter on SoapHeader constructor).
  • Fixed bug (SoapClient may strip parts of nmtokens).
• SPL:
  • Fixed bug (iterator_count() may run indefinitely).
• Standard:
  • Fixed bug (Crash during unloading of extension after dl() in ZTS).
• Zip:
  • Fixed type for index in ZipArchive::replaceFile.

Version 8.1.6

• Core:
  • Fixed bug (Registry settings are no longer recognized).
  • Fixed potential race condition during resource ID allocation.
  • Fixed bug (Preloading of constants containing arrays with enums segfaults).
  • Fixed Haiku ZTS builds.
• Date:
  • Fixed bug (DateTimeZone::getTransitions() returns insufficient data).
  • Fixed bug (Timezone doesn't work as intended).
  • (DateTimeZone::getTransitions() returns invalid data).
  • Fixed bug (Exceptions thrown within a yielded from iterator are not rethrown into the generator).
• FFI:
  • Fixed bug (Assigning function pointers to structs in FFI leaks).
• FPM:
  • (FPM /status reports wrong number of active processe).
  • (FPM cannot shutdown processes).
  • Fixed comment in kqueue remove callback log message.
• Hash:
  • (segfault when serializing finalized HashContext).
• Iconv:
  • Fixed bug (ob_end_clean does not reset Content-Encoding header).
• Intl:
  • Fixed bug (msgfmt_format $values may not support references).
• MBString:
  • Number of error markers emitted for invalid UTF-8 text matches WHATWG specification. This is a return to the behavior of PHP 8.0 and earlier.
• MySQLi:
  • Fixed bug (MySQLi uses unsupported format specifier on Windows).
• SPL:
  • Fixed bug (ArrayIterator may leak when calling __construct()).
  • Fixed bug (SplFileObject: key() returns wrong value).
• Streams:
  • Fixed php://temp does not preserve file-position when switched to temporary file.
• zlib:
  • Fixed bug (ob_end_clean does not reset Content-Encoding header).

Version 8.1.5

• Core:
  • Fixed bug (Enum values in property initializers leak).
  • Fixed freeing of internal attribute arguments.
  • Fixed bug (memory leak of internal function attribute hash).
  • Fixed bug (ZTS support on Alpine is broken).
• Filter:
  • Fixed signedness confusion in php_filter_validate_domain().
• Intl:
  • Fixed bug (Can't catch arg type deprecation when instantiating Intl classes).
  • Fixed bug (Compilation error on cygwin).
  • Fixed bug (Fix IntlPartsIterator key off-by-one error and first key).
• MBString:
  • Fixed bug (mb_encode_mimeheader: $indent functionality broken).
• MySQLi:
  • Fixed bug (mysqli_fetch_object creates inaccessible properties).
• Pcntl:
  • Fixed bug (Compilation error on cygwin).
• PgSQL:
  • Fixed result_type related stack corruption on LLP64 architectures.
  • Fixed bug (pg_insert() fails for references).
• Sockets:
  • Fixed Solaris builds.
• SPL:
  • Fixed bug (SplFileObject - seek and key with csv file inconsistent).
  • Fixed bug (Cannot override DirectoryIterator::current() without return typehint in 8.1).
• Standard:
  • Fixed bug (Force macOS to use statfs).

Version 8.1.4

• Core:
  • Fixed Haiku ZTS build.
  • Fixed bug arginfo not regenerated for extension.
  • Fixed bug Segfault when dumping uncalled fake closure with static variables.
  • Fixed bug (Nested CallbackFilterIterator is leaking memory).
  • Fixed bug (Wrong type inference of range() result).
  • Fixed bug (Wrong first class callable by name optimization).
  • Fixed bug (op_arrays with temporary run_time_cache leak memory when observed).
• GD:
  • Fixed libpng warning when loading interlaced images.
• FPM:
  • (Unsafe access to fpm scoreboard).
• Iconv:
  • Fixed bug (ob_clean() only does not set Content-Encoding).
  • Fixed bug (Unexpected result for iconv_mime_decode).
• MBString:
  • Fixed bug (mb_check_encoding wrong result for 7bit).
• MySQLnd:
  • Fixed bug (NULL pointer dereference in mysqlnd package).
• Reflection:
  • Fixed bug (ReflectionClass::getConstants() depends on def. order).
• Zlib:
  • Fixed bug (ob_clean() only does not set Content-Encoding).

Version 8.1.3

• Core:
  • (Attribute instantiation leaves dangling pointer).
  • Fixed bug (Environment vars may be mangled on Windows).
  • Fixed bug (Segfault when INI file is not readable).
• FFI:
  • Fixed bug (FFI::cast() from pointer to array is broken).
• Filter:
  • Fix #81708: UAF due to php_filter_float() failing for ints. (CVE-2021-21708)
• FPM:
  • Fixed memory leak on invalid port.
  • Fixed bug (Invalid OpenMetrics response format returned by FPM status page.
• MBString:
  • Fixed bug (mb_send_mail may delimit headers with LF only).
• MySQLnd:
  • Fixed bug (MariaDB version prefix 5.5.5- is not stripped).
• pcntl:
  • Fixed pcntl_rfork build for DragonFlyBSD.
• Sockets:
  • Fixed bug (sockets extension compilation errors).
• Standard:
  • Fixed bug (Regression in unpack for negative int value).
  • Fixed bug (mails are sent even if failure to log throws exception).

Version 8.1.2

• Core:
  • (Nullsafe operator leaks dynamic property name).
  • (Using null coalesce assignment with $GLOBALS["x"] produces opcode error).
  • (GCC-11 silently ignores -R).
  • (Misleading "access type ... must be public" error message on final or abstract interface methods).
  • (cached_chunks are not counted to real_size on shutdown).
  • Fixed bug (Multi-inherited final constant causes fatal error).
  • Fixed zend_fibers.c build with ZEND_FIBER_UCONTEXT.
  • Added riscv64 support for fibers.
• Filter:
  • Fixed FILTER_FLAG_NO_RES_RANGE flag.
• Hash:
  • Fixed bug (Incorrect return types for hash() and hash_hmac()).
  • Fixed bug (Inconsistent argument name in hash_hmac_file and hash_file).
• MBString:
  • (mb_check_encoding(7bit) segfaults).
• MySQLi:
  • (MYSQL_OPT_LOAD_DATA_LOCAL_DIR not available in MariaDB).
  • Introduced MYSQLI_IS_MARIADB.
  • Fixed bug (mysqli_sql_exception->getSqlState()).
• MySQLnd:
  • Fixed bug where large bigints may be truncated.
• OCI8:
  • Fixed bug (php_oci_cleanup_global_handles segfaults at second call).
• OPcache:
  • (Tracing JIT crashes on reattaching).
• Readline:
  • (Cannot input unicode characters in PHP 8 interactive shell).
• Reflection:
  • (ReflectionEnum throwing exceptions).
• PDO_PGSQL:
  • Fixed error message allocation of PDO PgSQL.
• Sockets:
  • Avoid void* arithmetic in sockets/multicast.c on NetBSD.
  • Fixed ext/sockets build on Haiku.
• Spl:
  • (SplFileObject::seek broken with CSV flags).
  • Fixed bug (Cloning a faked SplFileInfo object may segfault).
• Standard:
  • Fixed bug (gethostbyaddr outputs binary string).
  • Fixed bug (php_uname doesn't recognise latest Windows versions).

Version 8.1.1

• IMAP:
  • (imap_(un)delete accept sequences, not single numbers).
• PCRE:
  • Update bundled PCRE2 to 10.39.
  • (Out of bounds in php_pcre_replace_impl).
• Standard:
  • (stream_get_contents() may unnecessarily overallocate).

Version 8.1.0

• Core:
  • Fixed inclusion order for phpize builds on Windows.
  • Added missing hashtable insertion APIs for arr/obj/ref.
  • (Relative file path is removed from uploaded file).
  • (CE_CACHE allocation with concurrent access).
  • (Fiber does not compile on AIX).
  • (SEGFAULT in zend_do_perform_implementation_check).
  • (Header injection via default_mimetype / default_charset).
  • (Fix compile failure on Solaris with clang).
  • (Observer may not be initialized properly).
  • (Using Enum as key in WeakMap triggers GC + SegFault).
  • (TEST_PHP_CGI_EXECUTABLE badly set in run-tests.php).
  • (unset() of $GLOBALS sub-key yields warning).
  • (New ampersand token parsing depends on new line after it).
  • (Unicode characters in cli.prompt causes segfault).
  • ("Declaration should be compatible with" gives incorrect line number with traits).
  • (CLI server: insufficient cleanup if request startup fails).
  • (match error message improvements).
  • (Fiber support missing for Solaris Sparc).
  • (Comparison of fake closures doesn't work).
  • (powerpc64 build fails on fibers).
  • (Cyclic unserialize in TMPVAR operand may leak).
  • (__sleep allowed to return non-array).
  • (function scope static variables are not bound to a unique function).
  • (__callStatic fired in base class through a parent call if the method is private).
  • (incorrect debug info on Closures with implicit binds).
• CLI:
  • (Server logs incorrect request method).
• COM:
  • Dispatch using LANG_NEUTRAL instead of LOCALE_SYSTEM_DEFAULT.
• Curl:
  • (Support CURLOPT_SSLCERT_BLOB for cert strings).
• Date:
  • (Regression Incorrect difference after timezone change).
  • (Interval serialization regression since 7.3.14 / 7.4.2).
  • (Incorrect timezone transition details for POSIX data).
  • (Missing second with inverted interval).
  • Speed up finding timezone offset information.
  • (date_create_from_format misses leap year).
  • (DateTimeZone::getTransitions() truncated).
  • (Wrong diff between 2 dates in different timezones).
  • (Missing second with inverted interval).
  • (DateTimeZone silently falls back to UTC when providing an offset with seconds).
  • (Regression in 8.1: add() now truncate ->f).
  • (Date interval calculation not correct).
  • (Incorrect difference using DateInterval).
  • (date_diff() function returns false result).
  • (dst not handled past 2038).
  • (Wrong date diff).
  • (DateTime. diff returns negative values).
  • (date_diff on two dates with timezone set localised returns wrong results).
  • (Incorrect date from timestamp).
  • (Extra day on diff between begin and end of march 2016).
  • (DateTime::diff confuse on timezone 'Asia/Tokyo').
  • (Datetime add not realising it already applied DST change).
  • (DateTimeImmutable::getTimestamp() triggers DST switch in incorrect time).
  • (Handling DST transitions correctly).
  • (Date diff is bad calculated, in same time zone).
  • (DateTime::add does only care about backward DST transition, not forward).
  • (DateTime->diff having issues with leap days for timezones ahead of UTC).
  • (Date difference varies according day time).
  • (DateTime's diff DateInterval incorrect in timezones from UTC+01:00 to UTC+12:00).
  • (diff makes wrong in hour for Asia/Tehran).
  • (DateTime::diff() generates months differently between time zones).
  • (timelib mishandles future timestamps (triggered by 'zic -b slim')).
  • (Invalid date time created (with day "00")).
  • (DateTime calculate wrong with DateInterval).
  • (DateTime objects behave incorrectly around DST transition).
  • (DateTime(Immutable)::sub around DST yield incorrect time).
• DBA:
  • (TokyoCabinet driver leaks memory).
• DOM:
  • (DOMElement::setIdAttribute() called twice may remove ID).
• FFI:
  • ("TYPE *" shows unhelpful message when type is not defined).
• Filter:
  • (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).
• FPM:
  • (Future possibility for heap overflow in FPM zlog).
  • (PHP-FPM oob R/W in root process leading to privilege escalation) (CVE-2021-21703).
  • Added openmetrics status format.
  • Enable process renaming on macOS.
  • Added pm.max_spawn_rate option to configure max spawn child processes rate.
  • (Events port mechanism).
• FTP:
  • Convert resource<ftp> to object \FTP\Connection.
• GD:
  • (libpng warning from imagecreatefromstring).
  • Convert resource<gd font> to object \GdFont.
  • Added support for Avif images
• hash:
  • (Add MurmurHash V3).
  • (Add xxHash support).
• JSON:
  • (Change of $depth behaviour in json_encode() on PHP 8.1).
• LDAP:
  • Convert resource<ldap link> to object \LDAP\Connection.
  • Convert resource<ldap result> to object \LDAP\Result.
  • Convert resource<ldap result entry> to object \LDAP\ResultEntry.
• MBString:
  • (mbstring may use pointer from some previous request).
  • (mb_detect_encoding() regression).
  • (mb_detect_encoding misdetcts ASCII in some cases).
  • (mb_detect_encoding() segfaults when 7bit encoding is specified).
• MySQLi:
  • (Emulate mysqli_fetch_all() for libmysqlclient).
  • (Replace language in APIs and source code/docs).
  • (Add option to specify LOAD DATA LOCAL white list folder (including libmysql)).
• MySQLnd:
  • (Crash (Bus Error) in mysqlnd due to wrong alignment).
  • (PDO uses too much memory).
• Opcache:
  • (Incorrect JIT code for ADD with a reference to array).
  • (Memory leak in PHPUnit with functional JIT).
  • (infinite loop in building cfg during JIT compilation).
  • (Wrong result with pow operator with JIT enabled).
  • (Intermittent property assignment failure with JIT enabled).
  • (Assertion `zv != ((void *)0)' failed for "preload" with JIT).
  • (building opcache with phpize fails).
  • (opcache header not installed).
  • Added inheritance cache.
• OpenSSL:
  • ($tag argument of openssl_decrypt() should accept null/empty string).
  • Bump minimal OpenSSL version to 1.0.2.
• PCRE:
  • (PCRE2 10.35 JIT performance regression).
  • Bundled PCRE2 is 10.37.
• PDO:
  • (PDO_MYSQL: PDO::PARAM_LOB does not bind to a stream for fetching a BLOB).
• PDO MySQL:
  • (PDO::lastInsertId() return wrong).
  • (PDO discards error message text from prepared statement).
• PDO OCI:
  • (Support 'success with info' at connection).
• PDO ODBC:
  • Implement PDO_ATTR_SERVER_VERSION and PDO_ATTR_SERVER_INFO for PDO::getAttribute().
• PDO PgSQL:
  • (pdo_pgsql: Inconsitent boolean conversion after calling closeCursor()).
• PDO SQLite:
  • (Proper data-type support for PDO_SQLITE).
• PgSQL:
  • (pg_end_copy still expects a resource).
  • Convert resource<pgsql link> to object \PgSql\Connection.
  • Convert resource<pgsql result> to object \PgSql\Result.
  • Convert resource<pgsql large object> to object \PgSql\Lob.
• Phar:
  • Use SHA256 by default for signature.
  • Add support for OpenSSL_SHA256 and OpenSSL_SHA512 signature.
• phpdbg:
  • (unknown help topic causes assertion failure).
• PSpell:
  • Convert resource<pspell> to object \PSpell\Dictionary.
  • Convert resource<pspell config> to object \PSpell\Config.
• readline:
  • (invalid read in readline completion).
• Reflection:
  • (ArgumentCountError when getting default value from ReflectionParameter with new).
  • (PHP 8.1: ReflectionClass->getTraitAliases() crashes with Internal error).
  • (Enum: ReflectionMethod->getDeclaringClass() return a ReflectionClass).
  • (Make ReflectionEnum and related class non-final).
  • (ReflectionProperty::getDefaultValue() returns current value for statics).
  • (ReflectionProperty::__toString() renders current value, not default value).
  • (ReflectionAttribute is not a Reflector).
  • (no way to determine if Closure is static).
  • Implement ReflectionFunctionAbstract::getClosureUsedVariables.
• Shmop:
  • (shmop_open won't attach and causes php to crash).
• SimpleXML:
  • (Segfault in zif_simplexml_import_dom).
• SNMP:
  • Implement SHA256 and SHA512 for security protocol.
• Sodium:
  • Added the XChaCha20 stream cipher functions.
  • Added the Ristretto255 functions, which are available in libsodium 1.0.18.
• SPL:
  • (SplFileObject::fgetcsv incorrectly returns a row on premature EOF).
  • (Recursive SplFixedArray::setSize() may cause double-free).
  • (LimitIterator + SplFileObject regression in 8.0.1).
  • (Special json_encode behavior for SplFixedArray).
  • ("Notice: Undefined index" on unset() ArrayObject non-existing key).
  • (FilesystemIterator::FOLLOW_SYMLINKS remove KEY_AS_FILE from bitmask).
• Standard:
  • (gethostbyaddr('::1') returns ip instead of name after calling some other method).
  • (Incorrectly using libsodium for argon2 hashing).
  • (PHP 7.3+ memory leak when unserialize() is used on an associative array).
  • (Serialization is unexpectedly allowed on anonymous classes with __serialize()).
  • (hrtime breaks build on OSX before Sierra).
  • (method_exists on Closure::__invoke inconsistency).
• Streams:
  • (stream_isatty emits warning with attached stream wrapper).
• XML:
  • (special character is breaking the path in xml function) (CVE-2021-21707).
  • (XML_OPTION_SKIP_WHITE strips embedded whitespace).
• Zip:
  • (ZipArchive::extractTo() may leak memory).
  • (Dirname ending in colon unzips to wrong dir).
  • (ZipArchive::extractTo extracts outside of destination) (CVE-2021-21706).
  • (ZipArchive::getStream doesn't use setPassword).

Version 8.0.22

• CLI:
  • Fixed potential overflow for the builtin server via the PHP_CLI_SERVER_WORKERS environment variable.
• Core:
  • Fixed bug (error_log on Windows can hold the file write lock).
  • Fixed bug (WeakMap object reference offset causing TypeError).
• Date:
  • (DatePeriod doesn't warn with custom DateTimeImmutable).
• DBA:
  • Fixed LMDB driver hanging when attempting to delete a non-existing key.
• FPM:
  • Fixed zlog message prepend, free on incorrect address.
  • Fixed possible double free on configuration loading failure.
• GD:
  • Fixed bug (imagecopyresized() error refers to the wrong argument).
• Intl:
  • Fixed build for ICU 69.x and onwards.
• OPcache:
  • Fixed bug (PHP hanging infinitly at 100% cpu when check php syntaxe of a valid file).
• Standard:
  • Fixed the crypt_sha256/512 api build with clang > 12.
  • Uses CCRandomGenerateBytes instead of arc4random_buf on macOs.

Version 8.0.21

• Core:
  • Fixed potential use after free in php_binary_init().
• CLI:
  • Fixed (Intentionally closing std handles no longer possible).
• COM:
  • Fixed bug (Integer arithmethic with large number variants fails).
• Curl:
  • Fixed CURLOPT_TLSAUTH_TYPE is not treated as a string option.
• Date:
  • (DST timezone abbreviation has incorrect offset).
  • (Weekdays are calculated incorrectly for negative years).
  • (timezone_open accepts invalid timezone string argument).
• FPM:
  • (fpm: syslog.ident don't work).
• MBString:
  • Fixed bug (pcre not ready at mbstring startup).
• ODBC:
  • Fixed handling of single-key connection strings.
• OpenSSL:
  • (Several openssl functions ignore the VCWD).
  • (NULL byte injection in several OpenSSL functions working with certificates).
• PDO_ODBC:
  • Fixed errorInfo() result on successful PDOStatement->execute().
  • Fixed handling of single-key connection strings.
• Zip:
  • Fixed bug (ZipArchive::close deletes zip file without updating stat cache).

Version 8.0.20

• CLI:
  • Fixed bug (CLI closes standard streams too early).
• Core:
  • Fixed Haiku ZTS builds.
• Date:
  • Fixed bug (Segmentation fault when converting immutable and mutable DateTime instances created using reflection).
• FPM:
  • Fixed ACL build check on MacOS.
  • : php-fpm writes empty fcgi record causing nginx 502.
• Mysqlnd:
  • : mysqlnd/pdo password buffer overflow. (CVE-2022-31626)
• OPcache:
  • Fixed bug (ini_get() is optimized out when the option does not exist).
• Pcntl:
  • Fixed Haiku build.
• Pgsql:
  • : Uninitialized array in pg_query_params(). (CVE-2022-31625)
• Soap:
  • Fixed bug (Error on wrong parameter on SoapHeader constructor).
  • Fixed bug (SoapClient may strip parts of nmtokens).
• SPL:
  • Fixed bug (iterator_count() may run indefinitely).
• Zip:
  • Fixed type for index in ZipArchive::replaceFile.

Version 8.0.19

• Core:
  • Fixed bug (Exceptions thrown within a yielded from iterator are not rethrown into the generator).
• Date:
  • Fixed bug (DatePeriod iterator advances when checking if valid).
• FFI:
  • Fixed bug (Assigning function pointers to structs in FFI leaks).
• FPM:
  • (FPM /status reports wrong number of active processe).
  • (FPM cannot shutdown processes).
  • Fixed comment in kqueue remove callback log message.
• Iconv:
  • Fixed bug (ob_end_clean does not reset Content-Encoding header).
• Intl:
  • Fixed bug (msgfmt_format $values may not support references).
• MySQLi:
  • Fixed bug (MySQLi uses unsupported format specifier on Windows).
• SPL:
  • Fixed bug (ArrayIterator may leak when calling __construct()).
  • Fixed bug (SplFileObject: key() returns wrong value).
• Streams:
  • Fixed php://temp does not preserve file-position when switched to temporary file.
• zlib:
  • Fixed bug (ob_end_clean does not reset Content-Encoding header).

Version 8.0.18

• Core:
  • Fixed freeing of internal attribute arguments.
  • Fixed bug (memory leak of internal function attribute hash).
  • Fixed bug (ZTS support on Alpine is broken).
• Filter:
  • Fixed signedness confusion in php_filter_validate_domain().
• Intl:
  • Fixed bug (Compilation error on cygwin).
• MBString:
  • Fixed bug (mb_encode_mimeheader: $indent functionality broken).
• MySQLi:
  • Fixed bug (mysqli_fetch_object creates inaccessible properties).
• Pcntl:
  • Fixed bug (Compilation error on cygwin).
• PgSQL:
  • Fixed result_type related stack corruption on LLP64 architectures.
  • Fixed bug (pg_insert() fails for references).
• Sockets:
  • Fixed Solaris builds.
• SPL:
  • Fixed bug (SplFileObject - seek and key with csv file inconsistent).
• Standard:
  • Fixed bug (Force macOS to use statfs).

Version 8.0.17

• Core:
  • Fixed Haiku ZTS build.
• GD:
  • Fixed libpng warning when loading interlaced images.
• FPM:
  • (Unsafe access to fpm scoreboard).
• Iconv:
  • Fixed bug (ob_clean() only does not set Content-Encoding).
  • Fixed bug (Unexpected result for iconv_mime_decode).
• MySQLnd:
  • Fixed bug (NULL pointer dereference in mysqlnd package).
• OPcache:
  • Fixed bug (Wrong type inference of range() result).
• Reflection:
  • Fixed bug (ReflectionClass::getConstants() depends on def. order).
• Zlib:
  • Fixed bug (ob_clean() only does not set Content-Encoding).

Version 8.0.16

• Core:
  • (Attribute instantiation leaves dangling pointer).
  • Fixed bug (Environment vars may be mangled on Windows).
• FFI:
  • Fixed bug (FFI::cast() from pointer to array is broken).
• Filter:
  • Fix #81708: UAF due to php_filter_float() failing for ints.
• FPM:
  • Fixed memory leak on invalid port.
• MBString:
  • Fixed bug (mb_send_mail may delimit headers with LF only).
• MySQLnd:
  • Fixed bug (MariaDB version prefix 5.5.5- is not stripped).
• Sockets:
  • Fixed ext/sockets build on Haiku.
  • Fixed bug (sockets extension compilation errors).
• Standard:
  • Fixed bug (mails are sent even if failure to log throws exception).

Version 8.0.15

• Core:
  • (GCC-11 silently ignores -R).
  • (cached_chunks are not counted to real_size on shutdown).
• Filter:
  • Fixed FILTER_FLAG_NO_RES_RANGE flag.
• Hash:
  • Fixed bug (Incorrect return types for hash() and hash_hmac()).
  • Fixed bug (Inconsistent argument name in hash_hmac_file and hash_file).
• MySQLnd:
  • Fixed bug where large bigints may be truncated.
• OCI8:
  • Fixed bug (php_oci_cleanup_global_handles segfaults at second call).
• OPcache:
  • (Tracing JIT crashes on reattaching).
• PDO_PGSQL:
  • Fixed error message allocation of PDO PgSQL.
• Sockets:
  • Avoid void* arithmetic in sockets/multicast.c on NetBSD.
• Spl:
  • (SplFileObject::seek broken with CSV flags).

Version 8.0.14

• Core:
  • (Stringable not implicitly declared if __toString() came from a trait).
  • (Fatal Error not properly logged in particular cases).
  • (Error on use static:: in __сallStatic() wrapped to Closure::fromCallable()).
  • (::class with dynamic class name may yield wrong line number).
• FPM:
  • (Future possibility for heap overflow in FPM zlog).
• GD:
  • (libpng warning from imagecreatefromstring).
• IMAP:
  • (imap_(un)delete accept sequences, not single numbers).
• OpenSSL:
  • (./configure: detecting RAND_egd).
• PCRE:
  • (Out of bounds in php_pcre_replace_impl).
• SPL:
  • (MultipleIterator Segmentation fault w/ SimpleXMLElement attached).
• Standard:
  • (dns_get_record fails on FreeBSD for missing type).
  • (stream_get_contents() may unnecessarily overallocate).

Version 8.0.13

• Core:
  • (Header injection via default_mimetype / default_charset).
• Date:
  • (Interval serialization regression since 7.3.14 / 7.4.2).
• DBA:
  • (TokyoCabinet driver leaks memory).
• MBString:
  • (mbstring may use pointer from some previous request).
• Opcache:
  • (Unexpected behavior with arrays and JIT).
• PCRE:
  • (PCRE2 10.35 JIT performance regression).
• XML:
  • (special character is breaking the path in xml function). (CVE-2021-21707)
• XMLReader:
  • (XMLReader::getParserProperty may throw with a valid property).

Version 8.0.12

• CLI:
  • (Server logs incorrect request method).
• Core:
  • (Observer current_observed_frame may point to an old (overwritten) frame).
  • (Observer may not be initialized properly).
• DOM:
  • (DOMElement::setIdAttribute() called twice may remove ID).
• FFI:
  • ("TYPE *" shows unhelpful message when type is not defined).
• FPM:
  • (PHP-FPM oob R/W in root process leading to privilege escalation) (CVE-2021-21703).
• Fileinfo:
  • (High memory usage during encoding detection).
• Filter:
  • (FILTER_FLAG_IPV6/FILTER_FLAG_NO_PRIV|RES_RANGE failing).
• Opcache:
  • (Cannot support large linux major/minor device number when read /proc/self/maps).
• Reflection:
  • ReflectionAttribute is no longer final.
• SPL:
  • (Recursive SplFixedArray::setSize() may cause double-free).
  • (LimitIterator + SplFileObject regression in 8.0.1).
• Standard:
  • (Change Error message of sprintf/printf for missing/typo position specifier).
• Streams:
  • (stream_isatty emits warning with attached stream wrapper).
• XML:
  • (XML_OPTION_SKIP_WHITE strips embedded whitespace).
• Zip:
  • (ZipArchive::extractTo() may leak memory).
  • (Dirname ending in colon unzips to wrong dir).

Version 8.0.11

• Core:
  • (Stream position after stream filter removed).
  • (Non-seekable streams don't update position after write).
  • (Integer Overflow when concatenating strings).
• GD:
  • (During resize gdImageCopyResampled cause colors change).
• Opcache:
  • (segfault with preloading and statically bound closure).
• Shmop:
  • (shmop_open won't attach and causes php to crash).
• Standard:
  • (disk_total_space does not work with relative paths).
  • (Unterminated string in dns_get_record() results).
• SysVMsg:
  • (Heap Overflow in msg_send).
• XML:
  • (xml_parse may fail, but has no error code).
• Zip:
  • (ZipArchive::getStream doesn't use setPassword).
  • (ZipArchive::extractTo extracts outside of destination).

Version 8.0.10

• Core:
  • (php_output_handler_append illegal write access).
  • (Weird behaviour when using get_called_class() with call_user_func()).
  • (Built-in Webserver Drops Requests With "Upgrade" Header).
• BCMath:
  • (BCMath returns "-0").
• CGI:
  • (HTTP Status header truncation).
• Date:
  • (Error parsing when AM/PM not at the end).
  • (DateTimeZone accepting invalid UTC timezones).
  • (date_create_from_format misses leap year).
  • (DateTime::modify() loses time with 'weekday' parameter).
• GD:
  • (imagefilledellipse does not work for large circles).
• MySQLi:
  • (Integer overflow in mysqli_real_escape_string()).
• Opcache:
  • (Wrong result with pow operator with JIT enabled).
  • (Intermittent property assignment failure with JIT enabled).
  • (Multiple PHP processes crash with JIT enabled).
  • (Segfault in var[] after array_slice with JIT).
  • (Memory leak in PHPUnit with functional JIT).
  • (Infinite loop in building cfg during JIT compilation) (Nikita, Dmitry)
  • (Integer overflow behavior is different with JIT enabled).
• OpenSSL:
  • (Error build openssl extension on php 7.4.22).
• PDO_ODBC:
  • (PDO_ODBC doesn't account for SQL_NO_TOTAL).
• Phar:
  • : Symlinks are followed when creating PHAR archive
• Shmop:
  • (shmop can't read beyond 2147483647 bytes).
• SimpleXML:
  • (Segfault in zif_simplexml_import_dom).
• Standard:
  • (Integer overflow on substr_replace).
  • (getimagesize returns 0 for 256px ICO images).
  • (Heap buffer overflow via str_repeat).
• Streams:
  • (Segfault when removing a filter).

Version 8.0.9

• Core:
  • (copy() and stream_copy_to_stream() fail for +4GB files).
  • (incorrect handling of indirect vars in __sleep).
  • (Object to int warning when using an object as a string offset).
  • (PHP built-in web server resets timeout when it can kill the process).
  • (Built-in Webserver - overwrite $_SERVER['request_uri']).
  • (Using return value of zend_assign_to_variable() is not safe).
  • (--r[fcez] always return zero exit code).
• Intl:
  • (Locale::lookup() wrong result with canonicalize option).
  • (IntlDateFormatter fails for "GMT+00:00" timezone).
  • (grapheme_strrpos() broken for negative offsets).
• OpenSSL:
  • (openssl_csr_sign truncates $serial).
• PCRE:
  • (PCRE2 10.37 shows unexpected result).
  • (Too much memory is allocated for preg_replace()).
• Reflection:
  • (Segmentation fault while create newInstance from attribute).
• Standard:
  • (flock() only locks first byte of file).

Version 8.0.8

• Core:
  • (incorrect debug info on Closures with implicit binds).
  • (Double free in realpath_cache_clean()).
  • (open_basedir bypass through adding "..").
  • (Typed property performance degradation with .= operator).
  • (Integer underflow in memory limit comparison).
  • (SSRF bypass in FILTER_VALIDATE_URL). (CVE-2021-21705)
• Bzip2:
  • (fflush before stream_filter_remove corrupts stream).
• Fileinfo:
  • (implicit declaration of function 'magic_stream' is invalid).
• GMP:
  • (GMP operators throw errors with wrong parameter names).
• OCI8:
  • (error in regression test for oci_fetch_object() and oci_fetch_array()).
• Opcache:
  • (Broken property type handling after incrementing reference).
  • (JIT segfault with return from required file).
• OpenSSL:
  • (native Windows cert verification uses CN as server name).
• MySQLnd:
  • (PDO uses too much memory).
• PDO_Firebird:
  • (Stack buffer overflow in firebird_info_cb). (CVE-2021-21704)
  • (SIGSEGV in firebird_handle_doer). (CVE-2021-21704)
  • (SIGSEGV in firebird_stmt_execute). (CVE-2021-21704)
  • (Crash while parsing blob data in firebird_fetch_blob). (CVE-2021-21704)
• readline:
  • (invalid read in readline completion).
• Standard:
  • (phpinfo(INFO_VARIABLES) "Array to string conversion").
  • (method_exists on Closure::__invoke inconsistency).
• Windows:
  • (PGO data for main PHP DLL are not used).

Version 8.0.7

• Core:
  • (opendir() warning wrong info when failed on Windows).
  • (HTTP Authorization schemes are treated as case-sensitive).
  • (Memory exhaustion on invalid string offset).
• FPM:
  • (Events port mechanism).
• FTP:
  • (Info leak in ftp extension).
  • (Wrong FTP error messages).
• GD:
  • (GD install is affected by external libgd installation).
• Intl:
  • (Unable to clone NumberFormatter after failed parse()).
• MBString:
  • (mb_convert_encoding removes references from arrays).
• ODBC:
  • (ODBC doesn't account for SQL_NO_TOTAL indicator).
• Opcache:
  • (JIT "not supported" on 32-bit x86 -- build problem?).
  • (Opcache optimization assumes wrong part of ternary operator in if-condition).
  • (Literal compaction merges non-equal related literals).
• PDO_MySQL:
  • (PDO discards error message text from prepared statement).
• PDO_ODBC:
  • (bound parameters ignore explicit type definitions).
• pgsql:
  • Fixed php_pgsql_fd_cast() wrt. php_stream_can_cast().
• SPL:
  • (SplFileObject::DROP_NEW_LINE is broken for NUL and CR).
• XMLReader:
  • (XMLReader: encoding length not checked).
• Zip:
  • (ZipArchive::extractTo() ignores references).

Version 8.0.6

• PDO_pgsql:
  • Revert " (PDO::PARAM_INT is treated the same as PDO::PARAM_STR)"

Version 8.0.5

• Core:
  • (Flushing streams with compression filter is broken).
  • (Function exec without $output but with $restult_code parameter crashes).
  • (threaded mod_php won't load on FreeBSD: No space available for static Thread Local Storage).
  • Changed PowerPC CPU registers used by Zend VM to work around GCC bug. Old registers (r28/r29) might be clobbered by _restgpr routine used for return from C function compiled with -Os.
• Dba:
  • (dba_popen() may cause segfault during RSHUTDOWN).
• DOM:
  • (UAF when appending DOMDocument to element).
• FFI:
  • (CData structs with fields of type struct can't be passed as C function argument).
• FPM:
  • (Duplication of info about inherited socket after pool removing).
• FTP:
  • (SSL_read on shutdown, ftp/proc_open).
• IMAP:
  • (imap_open() fails when the flags parameter includes CL_EXPUNGE).
  • (imap_mail_compose() header injection).
• Intl:
  • (msgfmt_format() does not accept DateTime references).
• LibXML:
  • (Invalid memory access in php_libxml_xmlCheckUTF8).
  • (simplexml_load_file() doesn't use HTTP headers).
• MySQLnd:
  • (Calling stmt_store_result after fetch doesn't throw an error).
• Opcache:
  • (PHP problem with JIT).
  • (erronous array key overflow in 2D array with JIT).
  • (PHP crash using JIT).
  • (DASM_S_RANGE_VREG on PHP_INT_MIN-1).
• Pcntl:
  • (Potential integer overflow in pcntl_exec()).
• PCRE:
  • (preg_split ignores limit flag when pattern with \K has 0-width fullstring match).
• PDO_ODBC:
  • (PDO ODBC truncates BLOB records at every 256th byte).
• PDO_pgsql:
  • (PDO::PARAM_INT is treated the same as PDO::PARAM_STR).
• Session:
  • (Cannot set save handler when save_handler is invalid).
  • (session_name() problem with backslash).
• SOAP:
  • (SOAP special XML characters in namespace URIs not encoded).
• Standard:
  • (Taking a reference to $_SERVER hides its values from phpinfo()).
  • ('getdir' accidentally defined as an alias of 'dir').
  • (phpinfo(INFO_CREDITS) displays nothing in CLI).
  • (http wrapper silently ignores long Location headers).
  • (HTTP wrapper waits for HTTP 1 response after HTTP 101).
• Zip:
  • (ZipArchive::isCompressionMethodSupported does not exist).

Version 8.0.3

• Core:
  • (mail(): Headers after Bcc headers may be ignored).
• DOM:
  • (DOMChildNode::remove() doesn't work on CharacterData nodes).
• Gettext:
  • (bindtextdomain with null dir doesn't return old value).
• MySQLnd:
  • (mysqlnd's mysql_clear_password does not transmit null-terminated password).
  • (SegFault when disabling ATTR_EMULATE_PREPARES and MySQL 8.0).
• MySQLi:
  • (x() and y() truncating floats to integers).
• Opcache:
  • (write_property handler of internal classes is skipped on preloaded JITted code).
  • (opcache doesn't honour pcre.jit option).
  • (Opcache JIT makes some boolean logic unexpectedly be true).
  • (JIT produces Assert failure and UNKNOWN:0 var_dumps in code involving bitshifts).
• OpenSSL:
  • (Providing RSA key size < 512 generates key that crash PHP).
• Phar:
  • (Unclear error message wrt. __halt_compiler() w/o semicolon)
  • (Phar does not mark UTF-8 filenames in ZIP archives).
  • (Phar cannot compress large archives).
• Socket:
  • (Different sockets compare as equal (regression in 8.0)).
• SPL:
  • (Iterating after failed ArrayObject::setIteratorClass() causes Segmentation fault).
• Standard:
  • (file_get_contents() maxlen fails above (2**31)-1 bytes).
  • (ext/standard/dl.c fallback code path with syntax error).

Version 8.0.2

• Core:
  • (bogus parse error on >4GB source code).
  • (filter buffers entire read until file closed).
  • (Invalid union type TypeError in anonymous classes).
  • (GCC throws warning about type narrowing in ZEND_TYPE_INIT_CODE).
• BCMath:
  • (bcadd('a', 'a') doesn't throw an exception).
• Curl:
  • (Resetting POSTFIELDS to empty array breaks request).
• Date:
  • (last day of the month causes runway cpu usage).
• DOM:
  • (Wrong parameter type in DOMElement::removeAttributeNode stub).
• Filter:
  • (0x and 0X are considered valid hex numbers by filter_var()).
• GMP:
  • (Strings containing only a base prefix return 0 object).
• Intl:
  • (Missing resource causes subsequent get() calls to fail).
• MySQLi:
  • (mysqlnd with MYSQLI_OPT_INT_AND_FLOAT_NATIVE fails to interpret bit columns).
  • (Fetching resultsets from stored procedure with cursor fails).
  • (segfault using prepared statements on stored procedures that use a cursor).
  • (Crash in mysqlnd_fetch_stmt_row_cursor when calling an SP with a cursor).
• ODBC:
  • (all floats are the same in ODBC parameters).
• Opcache:
  • (php_opcache.dll crashes when using Apache 2.4 with JIT).
• PDO_Firebird:
  • (Parameters with underscores no longer recognized).
• Phar:
  • (zip-based phar does not respect phar.require_hash).
  • (Incorrect locator detection in ZIP-based phars).
  • (Compressed ZIP Phar extractTo() creates garbage files).
• Phpdbg:
  • Reverted fix for bug (Access violation near NULL on source operand).
• SOAP:
  • (Null Dereference in SoapClient). (CVE-2021-21702)

Version 8.0.1

• Core:
  • (PHPIZE configuration has outdated PHP_RELEASE_VERSION).
  • (White space not unfolded for CC/Bcc headers).
  • (Iterable not covariant to mixed).
  • (Build of PHP extension fails due to configuration gap with libtool).
  • (stream filter loses final block of data).
• Fileinfo:
  • (finfo_open crafted magic parsing SIGABRT).
• FPM:
  • (FPM returns 200 status on request without SCRIPT_FILENAME env).
• IMAP:
  • (imap_msgno() incorrectly warns and return false on valid UIDs in PHP 8).
  • Fix a regression with valid UIDs in imap_savebody().
  • Make warnings for invalid message numbers/UIDs between functions consistent.
• Intl:
  • (MessageFormatAdapter::getArgTypeList redefined).
• Opcache:
  • (Incorrect range inference result when division results in float).
  • (Opcache misses executor_globals).
  • (Unable to disable the use of the AVX command when using JIT).
  • (Strange out of memory error when running with JIT).
  • (Segmentation fault with JIT enabled).
  • (Immediate SIGSEGV upon ini_set("opcache.jit_debug", 1)).
• OpenSSL:
  • (OpenSSL extension fails to build against LibreSSL due to lack of OCB support).
• PDO MySQL:
  • (PDOStatement::fetchAll() throws for upsert queries).
  • (nextRowset() ignores MySQL errors with native prepared statements).
  • (PDO::exec() - Bad error handling with multiple commands).
  • (Multiple rowsets not returned unless PDO statement object is unset()).
  • (Unexpected "Cannot execute queries while other unbuffered queries").
  • (Multiple statements in init command triggers unbuffered query error).
  • (PDOStatement cannot be GCed/closeCursor-ed when a PROCEDURE resultset SIGNAL).
  • (Can't execute query with pending result sets).
  • (PDO does not throw an exception when parameter values are missing).
  • (PdoStatement->execute() fails but does not throw an exception).
  • (LOAD DATA INFILE broken).
  • (Executing PDOStatement::fetch() more than once prevents releasing resultset).
  • (PDO re-uses parameter values from earlier calls to execute()).
• Phar:
  • (Phar Zip parse crash - mmap fail).
  • (`PharData` says invalid checksum for valid tar).
  • (PharData::addEmptyDir('/') Possible integer overflow).
• Phpdbg:
  • (Access violation near NULL on source operand).
• SPL:
  • (SplFileObject: fgets after seek returns wrong line).
• Standard:
  • (Return Value of zend_fstat() not Checked).
  • (FILTER_VALIDATE_URL accepts URLs with invalid userinfo). (CVE-2020-7071)
• Tidy:
  • (ob_tidyhandler is never reset).
• Tokenizer:
  • (Nullsafe operator tokenize with TOKEN_PARSE flag fails).
• XML:
  • XmlParser opaque object renamed to XMLParser for consistency with other XML objects.
• Zlib:
  • (Support for flushing in zlib stream).

Version 8.0.0

• BZ2:
  • (fread() does not report bzip2.decompress errors).
• CLI:
  • Allow debug server binding to an ephemeral port via `-S localhost:0`.
• COM:
  • (DOTNET .NET 4.0 GAC new location).
  • (com_event_sink crashes on certain arguments).
• Calendar:
  • (Potential type confusion in unixtojd() parameter parsing).
• Core:
  • (scandir duplicates file name at every 65535th file).
  • (Fatal error "Function must be a string" message should be renamed).
  • (register_shutdown_function() does not correctly handle exit code).
  • (Allow implementing Traversable on abstract classes).
  • (Enhance undefined class constant error with class name).
  • (Calling exit() in a shutdown function does not change the exit value in CLI).
  • (Unclear error message when not implementing a renamed abstract trait function).
  • (Converting optional argument to variadic forbidden by LSP checks).
  • (Can't rebind closure returned by Closure::fromCallable()).
  • (Shebang line not stripped for non-primary script).
  • (Wrong reflection on MultipleIterator::__construct).
  • (Cannot alias a method named "namespace").
  • (convert error on receiving variables when duplicate [).
  • (Incorrect callability check inside internal methods).
  • (Referencing argument in a function makes it a reference in the stack trace).
  • ("Unexpected end of file" is not an acceptable error message).
  • (method_exists and property_exists incoherent behavior).
  • (data:// wrappers are writable).
  • (Check __set_state structure).
  • ("Illegal offset type" exception during AST evaluation not handled properly).
  • (Assertion failure when unsetting variable during binary op).
  • (Segfault when trying to access non-existing variable).
  • (Syntax error in configure / unescaped "[]" in php.m4).
  • (count(DOMNodeList) doesn't match count(IteratorIterator(DOMNodeList))).
  • (Promoted untyped properties should get null default value).
  • (Promoted constructor params with attribs cause crash).
  • (Generator doesn't throw exception after multiple yield from iterable).
  • (Build fails due to undeclared UINT32_C).
  • (Exit in auto-prepended file does not abort PHP execution).
  • (memleak after two set_exception_handler calls with __call).
  • (Segmentation fault with named arguments in nested call).
  • (Cannot skip arguments when extended debug is enabled).
  • (broken namespace usage in eval code).
  • (Windows Deduplication Enabled, randon permission errors).
  • (ADD_EXTENSION_DEP() fails for ext/standard and ext/date).
  • (assert() vs named parameters - confusing error).
  • (Abstract trait methods returning "self" cannot be fulfilled by traits).
  • Fixed faulty generator cleanup with yield from.
  • Implement #[Attr] Attribute syntax as per final vote in RFC https://wiki.php.net/rfc/shorter_attribute_syntax_change
  • (phpinfo() reports "On" as 1 for the some extensions).
  • (require() throws fatal error instead of exception).
  • Removed the pdo_odbc.db2_instance_name php.ini directive.
  • Use SSE2 instructions do locale independent strtolower.
• Curl:
  • Bumped required libcurl version to 7.29.0.
  • (Null pointer deref if CurlHandle directly instantiated).
• DOM:
  • Add property DOMXPath::$registerNodeNamespaces and constructor argument that allow global flag to configure query() or evaluate() calls.
  • (DOMChildNode API crash on unattached nodes).
  • (loadHTML() truncates at NUL bytes).
• Date:
  • (DateTime::createFromFormat should new static(), not new self()).
  • (Default value for sunrise/sunset zenith still wrong).
  • (discrepancy between time and microtime).
  • (DateTimeImmutable::createFromFormat() does not populate time).
  • (datetime: new format "p", same as "P" but returning "Z" for UTC).
• Enchant:
  • Add LIBENCHANT_VERSION macro.
  • Add enchant_dict_add and enchant_dict_is_added functions.
  • Deprecate enchant_broker_set_dict_path, enchant_broker_get_dict_path, enchant_dict_add_to_personal and enchant_dict_is_in_session.
  • Use libenchant-2 when available.
• FFI:
  • Added FFI\CType::getName() method.
  • (FFI doesn't handle well PHP exceptions within callback).
  • (Converting FFI instances to bool fails).
• FPM:
  • Add pm.status_listen option.
• Fileinfo:
  • Upgrade to libmagic 5.39.
• GD:
  • Added imagegetinterpolation().
  • (imagepolygon num_points requirement).
  • Made the $num_points parameter of php_imagepolygon optional.
  • Removed deprecated image2wbmp().
  • Removed deprecated png2wbmp() and jpeg2wbmp().
  • Replaced gd resources with objects.
• IMAP:
  • (imap_sort() does not return FALSE on failure).
  • (segfault on imap_reopen).
  • (imap_mail_compose() segfaults on certain $bodies).
  • (imap_mail_compose() may modify by-val parameters).
  • (imap_mail_compose() does not validate types/encodings).
  • (imap_mail_compose() may leak memory).
  • (imap_mail_compose() leaks envelope on malformed bodies).
  • (imap_sort() leaks sortpgm memory).
  • (imap_rfc822_write_address() leaks memory).
  • (imap_mail_compose() segfaults for multipart with rfc822).
  • Fixed minor regression caused by fixing bug .
• Iconv:
  • Dropped support for iconv without proper errno setting.
• Intl:
  • Removed deprecated INTL_IDNA_VARIANT_2003.
• JIT:
  • (Wrong result if executed with JIT).
  • (PHP cannot be compiled with enable JIT).
  • (Crash seen when opcache.jit=1235 and opcache.jit_debug=2).
  • (Fatal error when assigning to array property with JIT enabled).
  • (JIT segfault in Symfony OptionsResolver).
  • (Incorrect execution with JIT enabled).
• JSON:
  • The JSON extension is now an integral part of PHP and cannot be disabled as per RFC: https://wiki.php.net/rfc/always_enable_json (tandre)
• LDAP:
  • Fixed memory leaks.
  • Removed deprecated ldap_sort.
• MBString:
  • (mb_regex_set_options() return current options).
  • Removed the unused $is_hex parameter from mb_decode_numericentity().
• MySQLi:
  • (SSL settings aren't respected when persistent connections are used).
• Mysqlnd:
  • (mysqlnd exposes 160 lines of stats in phpinfo).
• OCI8:
  • Deprecated old OCI8 function aliases.
  • Modernized oci_register_taf_callback() callable argument parsing implementation.
  • Removed obsolete no-op function oci_internal_debug().
• ODBC:
  • (odbc_connect() may reuse persistent connection).
  • (Fetching may rely on uninitialized data).
• Opcache:
  • (Opcache does not replay compile-time warnings).
  • (Incorrectly computed opcache checksum on files with non-ascii characters).
  • (ini_get() and opcache_get_configuration() inconsistency).
  • (Optimizer segfault with isset on static property with undef dynamic class name).
  • (PHP8 RC1 - JIT Buffer not working).
  • (Complex expression in while / if statements resolves to false incorrectly).
  • (Opcache bug (bad condition result) in 8.0.0rc1).
  • Fixed run-time binding of preloaded dynamically declared function.
• OpenSSL:
  • Added Cryptographic Message Syntax (CMS) support.
• PCRE:
  • Don't ignore invalid escape sequences.
  • Updated to PCRE2 10.35.
• PDO:
  • Changed default PDO error mode to exceptions.
  • (Disable cloning of PDO handle/connection objects).
• PDO_Firebird:
  • (Firebird PDO preprocessing sql).
• PDO_OCI:
  • Added support for setting and getting the oracle OCI 18c call timeout.
• PDO_PGSQL:
  • Bumped required libpq version to 9.1.
• PGSQL:
  • Bumped required libpq version to 9.1.
• Phpdbg:
  • (phpdbg support for display_errors=stderr).
  • (too many open files).
  • (phpdbg segfaults on listing some conditional breakpoints).
  • (phpdbg build fails when readline is shared).
• Reflection:
  • (ReflectionClass::getMethods() returns methods out of scope).
  • (Reflection does not honor trait conflict resolution / method aliasing).
  • (Nested traits' aliased methods are lowercased).
  • (ReflectionClassConstant::$class returns wrong class when extending).
  • (ReflectionClass::implementsInterface - inaccurate error message with traits).
  • (ReflectionMethod::getReturnType() does not handle static as part of union type).
  • (ReflectionFunction->invokeArgs confused in arguments).
  • (getAttributes segfault on dynamic properties).
  • (Add $filter parameter for ReflectionClass::getConstants and ReflectionClass::getReflectionConstants) (carusogabriel)
  • Implement ReflectionProperty::hasDefaultValue and Reflection::getDefaultValue (beberlei)
• SNMP:
  • (disable md5 code when it is not supported in net-snmp).
• SPL:
  • (spl_autoload_register fails with multiple callables using self, same method).
  • (Circular references in SPL iterators are not garbage collected).
  • (Second call of spl_autoload_register() does nothing if it has no arguments).
  • (Memory leak in SplFileInfo because of missing zend_restore_error_handling()).
  • SplFixedArray is now IteratorAggregate rather than Iterator.
• SQLite3:
  • Added SQLite3::setAuthorizer() and respective class constants.
• Session:
  • (session_decode() silently fails on wrong input).
  • (session_gc return value for user defined session handlers).
• Shmop:
  • Converted shmop resources to objects.
• SimpleXML:
  • (Root elements are not properly cloned).
  • (Don't set content of elements with only whitespaces).
• Sodium:
  • (sign_detached() strings not terminated).
• Standard:
  • Don't force rebuild of symbol table, when populating $http_response_header variable by the HTTP stream wrapper.
  • (mixed LF and CRLF line endings in mail()).
  • (lstat_stat_variation7.phpt fails on certain file systems).
  • (str_replace should warn when misused with nested arrays).
  • (stream_get_line skips data if used with data-generating filter).
  • (getimagesize(): Read error! should mention file path).
  • (parse_url() does not include 'query' when question mark is the last char).
  • (Sorting with array_unique gives unwanted result).
  • (file_get_contents strip first line with chunked encoding redirect).
  • (parse_url silently drops port number 0).
  • (Double free when ASSERT_CALLBACK is used with a dynamic message).
  • (__PHP_Incomplete_Class should be final).
  • Made quoting of cmd execution functions consistent.
• Tidy:
  • Removed the unused $use_include_path parameter from tidy_repair_string().
• Tokenizer:
  • (PhpToken::getAll() confusing name).
• XML:
  • (xml_parser_free() should never leak memory).
• XMLWriter:
  • Changed functions to accept/return XMLWriter objects instead of resources.
  • (xmlwriter_write_attribute_ns: $prefix should be nullable).
  • Removed return types from XMLWriter stubs.
• Zip:
  • Add "flags" options to ZipArchive::addGlob and addPattern methods keeping previous behavior having FL_OVERWRITE by default.
  • Add ZipArchive::EM_UNKNOWN and ZipArchive::EM_TRAD_PKWARE constants.
  • Add ZipArchive::isCompressionMethodSupported() and ZipArchive::isEncryptionMethodSupported() method (libzip 1.7.0).
  • Add ZipArchive::replaceFile() method.
  • Add ZipArchive::setCancelCallback method (since libzip 1.6.0).
  • Add ZipArchive::setMtimeName and ZipArchive::setMtimeIndex methods.
  • Add ZipArchive::setProgressCallback method (since libzip 1.3.0).
  • Add lastId property to ZipArchive.
  • Add optional "flags" parameter to ZipArchive::addEmptyDir, addFile and addFromString methods.
  • (files extracted by ZipArchive class lost their original modified time).
  • (remove_path strips first char of filename).
  • (add compression / encryption options for ZipArchive::addGlob and ZipArchive::addPattern).
  • ZipArchive::status and ZipArchive::statusSys properties and ZipArchive::getStatusString() method stay valid after the archive is closed.
• Zlib:
  • (fread() does not report zlib.inflate errors).
  • (zlib.output_compression disabled by Content-Type: image/).