NEWS

PHP                                                                        NEWS
|||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
?? ??? ????, PHP 8.2.23

- Core:
  . Fixed bug GH-15020 (Memory leak in Zend/Optimizer/escape_analysis.c).
    (nielsdos)
  . Fixed bug GH-15023 (Memory leak in Zend/zend_ini.c). (nielsdos)
  . Fixed bug GH-13330 (Append -Wno-implicit-fallthrough flag conditionally).
    (Peter Kokot)
  . Fix uninitialized memory in network.c. (nielsdos)
  . Fixed bug GH-15108 (Segfault when destroying generator during shutdown).
    (Arnaud)

- Curl:
  . Fixed case when curl_error returns an empty string.
    (David Carlier)

- DOM:
  . Fix UAF when removing doctype and using foreach iteration. (nielsdos)

- FFI:
  . Fixed bug GH-14286 (ffi enum type (when enum has no name) make memory
    leak). (nielsdos, dstogov)

- Intl:
  . Fixed bug GH-15087 (IntlChar::foldCase()'s $option is not optional). (cmb)

- Opcache:
  . Fixed bug GH-13817 (Segmentation fault for enabled observers after pass 4).
    (Bob)
  . Fixed bug GH-13775 (Memory leak possibly related to opcache SHM placement).
    (Arnaud, nielsdos)

- PDO_Firebird:
  . Fix bogus fallthrough path in firebird_handle_get_attribute(). (nielsdos)

- PHPDBG:
  . Fixed bug GH-13199 (EOF emits redundant prompt in phpdbg local console mode
    with libedit/readline). (Peter Kokot)

- Soap:
  . Fixed bug #55639 (Digest autentication dont work). (nielsdos)

- Standard:
  . Fix passing non-finite timeout values in stream functions. (nielsdos)
  . Fixed GH-14780 p(f)sockopen timeout overflow. (David Carlier)

- Streams:
  . Fixed bug GH-15028 (Memory leak in ext/phar/stream.c). (nielsdos)
  . Fixed bug GH-15034 (Integer overflow on stream_notification_callback
    byte_max parameter with files bigger than 2GB). (nielsdos)

- Tidy:
  . Fix memory leaks in ext/tidy basedir restriction code. (nielsdos)

01 Aug 2024, PHP 8.2.22

- Core:
  . Fixed bug GH-13922 (Fixed support for systems with
    sysconf(_SC_GETPW_R_SIZE_MAX) == -1). (Arnaud)
  . Fixed bug GH-14626 (Fix is_zend_ptr() for huge blocks). (Arnaud)
  . Fixed bug GH-14590 (Memory leak in FPM test gh13563-conf-bool-env.phpt.
    (nielsdos)
  . Fixed OSS-Fuzz #69765. (nielsdos)
  . Fixed bug GH-14741 (Segmentation fault in Zend/zend_types.h). (nielsdos)
  . Fixed bug GH-14969 (Use-after-free in property coercion with __toString()).
    (ilutov)
  . Fixed bug GH-14961 (Comment between -> and keyword results in parse error).
    (ilutov)

- Dom:
  . Fixed bug GH-14702 (DOMDocument::xinclude() crash). (nielsdos)

- Gd:
  . ext/gd/tests/gh10614.phpt: skip if no PNG support. (orlitzky)
  . restored warning instead of fata error. (dryabov)

- LibXML:
  . Fixed bug GH-14563 (Build failure with libxml2 v2.13.0). (nielsdos)

- Opcache:
  . Fixed bug GH-14550 (No warning message when Zend DTrace is enabled that
    opcache.jit is implictly disabled). (nielsdos)

- Output:
  . Fixed bug GH-14808 (Unexpected null pointer in Zend/zend_string.h with
    empty output buffer). (nielsdos)

- PDO:
  . Fixed bug GH-14712 (Crash with PDORow access to null property).
    (David Carlier)

- Phar:
  . Fixed bug GH-14603 (null string from zip entry).
    (David Carlier)

- PHPDBG:
  . Fixed bug GH-14596 (crashes with ASAN and ZEND_RC_DEBUG=1).
    (David Carlier)
  . Fixed bug GH-14553 (echo output trimmed at NULL byte). (nielsdos)

- Shmop:
   . Fixed bug GH-14537 (shmop Windows 11 crashes the process). (nielsdos)

- SimpleXML:
   . Fixed bug GH-14638 (null dereference after XML parsing failure).
     (David Carlier)

- SPL:
  . Fixed bug GH-14639 (Member access within null pointer in
    ext/spl/spl_observer.c). (nielsdos)

- Standard:
  . Fix 32-bit wordwrap test failures. (orlitzky)
  . Fixed bug GH-14774 (time_sleep_until overflow). (David Carlier)

- Tidy:
  . Fix memory leak in tidy_repair_file(). (nielsdos)

- Treewide:
  . Fix compatibility with libxml2 2.13.2. (nielsdos)

- XML:
  . Move away from to-be-deprecated libxml fields. (nielsdos)
  . Fixed bug GH-14834 (Error installing PHP when --with-pear is used).
    (nielsdos)

04 Jul 2024, PHP 8.2.21

- Core:
  . Fixed bug GH-14315 (Incompatible pointer type warnings). (Peter Kokot)
  . Fixed bug GH-12814 (max_execution_time reached too early on MacOS 14
    when running on Apple Silicon). (Manuel Kress)
  . Fixed bug GH-14387 (Crash when stack walking in destructor of yielded from
    values during Generator->throw()). (Bob)
  . Fixed bug GH-14456 (Attempting to initialize class with private constructor
    calls destructor). (Girgias)
  . Fixed bug GH-14549 (Incompatible function pointer type for fclose).
    (Ryan Carsten Schmidt)

- BCMath:
  . Fixed bug (bcpowmod() with mod = -1 returns 1 when it must be 0). (Girgias)

- Curl:
  . Fixed bug GH-14307 (Test curl_basic_024 fails with curl 8.8.0). (nielsdos)

- DOM:
  . Fixed bug GH-14343 (Memory leak in xml and dom). (nielsdos)

- FPM:
  . Fixed bug GH-14037 (PHP-FPM ping.path and ping.response config vars are
    ignored in status pool). (Wilhansen Li, Pierrick Charron)

- GD:
  . Fix parameter numbers for imagecolorset(). (Giovanni Giacobbi)

- Intl:
  . Fix reference handling in SpoofChecker. (nielsdos)

- MySQLnd:
  . Partially fix bug GH-10599 (Apache crash on Windows when using a
    self-referencing anonymous function inside a class with an active
    mysqli connection). (nielsdos)

- Opcache:
  . Fixed bug GH-14267 (opcache.jit=off does not allow enabling JIT at runtime).
    (ilutov)
  . Fixed TLS access in JIT on FreeBSD/amd64. (Arnaud)
  . Fixed bug GH-11188 (Error when building TSRM in ARM64). (nielsdos)

- PDO ODBC:
  . Fixed bug GH-14367 (incompatible SDWORD type with iODBC). (Calvin Buckley)

- PHPDBG:
  . Fixed bug GH-13681 (segfault on watchpoint addition failure). (David Carlier)

- Soap:
  . Fixed bug #47925 (PHPClient can't decompress response). (nielsdos)
  . Fix missing error restore code. (nielsdos)
  . Fix memory leak if calling SoapServer::setObject() twice. (nielsdos)
  . Fix memory leak if calling SoapServer::setClass() twice. (nielsdos)
  . Fix reading zlib ini settings in ext-soap. (nielsdos)
  . Fix memory leaks with string function name lookups. (nielsdos)
  . Fixed bug #69280 (SoapClient classmap doesn't support fully qualified class
    name). (nielsdos)
  . Fixed bug #76232 (SoapClient Cookie Header Semicolon). (nielsdos)
  . Fixed memory leaks when calling SoapFault::__construct() twice. (Girgias)

- Sodium:
  . Fix memory leaks in ext/sodium on failure of some functions. (nielsdos)

- SPL:
  . Fixed bug GH-14290 (Member access within null pointer in extension spl).
    (nielsdos)

- Standard:
  . Fixed bug GH-14483 (Fixed off-by-one error in checking length of abstract
    namespace Unix sockets). (Derick)

- Streams:
  . Fixed bug GH-11078 (PHP Fatal error triggers pointer being freed was not
    allocated and malloc: double free for ptr errors). (nielsdos)

06 Jun 2024, PHP 8.2.20

- CGI:
  . Fixed buffer limit on Windows, replacing read call usage by _read.
    (David Carlier)
  . Fixed bug GHSA-3qgc-jrrr-25jv (Bypass of CVE-2012-1823, Argument Injection
    in PHP-CGI). (CVE-2024-4577) (nielsdos)

- CLI:
  . Fixed bug GH-14189 (PHP Interactive shell input state incorrectly handles
    quoted heredoc literals.). (nielsdos)

- Core:
  . Fixed bug GH-13970 (Incorrect validation of #[Attribute] flags type for
    non-compile-time expressions). (ilutov)
  . Fixed bug GH-14140 (Floating point bug in range operation on Apple Silicon
    hardware). (Derick, Saki)

- DOM:
  . Fix crashes when entity declaration is removed while still having entity
    references. (nielsdos)
  . Fix references not handled correctly in C14N. (nielsdos)
  . Fix crash when calling childNodes next() when iterator is exhausted.
    (nielsdos)
  . Fix crash in ParentNode::append() when dealing with a fragment
    containing text nodes. (nielsdos)

- FFI:
  . Fixed bug GH-14215 (Cannot use FFI::load on CRLF header file with
    apache2handler). (nielsdos)

- Filter:
  . Fixed bug GHSA-w8qr-v226-r27w (Filter bypass in filter_var FILTER_VALIDATE_URL).
    (CVE-2024-5458) (nielsdos)

- FPM:
  . Fix bug GH-14175 (Show decimal number instead of scientific notation in
    systemd status). (Benjamin Cremer)

- Hash:
  . ext/hash: Swap the checking order of `__has_builtin` and `__GNUC__`
    (Saki Takamachi)

- Intl:
  . Fixed build regression on systems without C++17 compilers. (Calvin Buckley,
    Peter Kokot)

- Ini:
  . Fixed bug GH-14100 (Corrected spelling mistake in php.ini files).
    (Marcus Xavier)

- MySQLnd:
  . Fix bug GH-14255 (mysqli_fetch_assoc reports error from
    nested query). (Kamil Tekiela)

- Opcache:
  . Fixed bug GH-14109 (Fix accidental persisting of internal class constant in
    shm). (ilutov)

- OpenSSL:
  . The openssl_private_decrypt function in PHP, when using PKCS1 padding
    (OPENSSL_PKCS1_PADDING, which is the default), is vulnerable to the Marvin Attack
    unless it is used with an OpenSSL version that includes the changes from this pull
    request: https://github.com/openssl/openssl/pull/13817 (rsa_pkcs1_implicit_rejection).
    These changes are part of OpenSSL 3.2 and have also been backported to stable
    versions of various Linux distributions, as well as to the PHP builds provided for
    Windows since the previous release. All distributors and builders should ensure that
    this version is used to prevent PHP from being vulnerable. (CVE-2024-2408)

- Standard:
  . Fixed bug GHSA-9fcc-425m-g385 (Bypass of CVE-2024-1874).
    (CVE-2024-5585) (nielsdos)

- XML:
  . Fixed bug GH-14124 (Segmentation fault with XML extension under certain
    memory limit). (nielsdos)

- XMLReader:
  . Fixed bug GH-14183 (XMLReader::open() can't be overridden). (nielsdos)

09 May 2024, PHP 8.2.19

- Core:
  . Fixed bug GH-13772 (Invalid execute_data->opline pointers in observer fcall
    handlers when JIT is enabled). (Bob)
  . Fixed bug GH-13931 (Applying zero offset to null pointer in
    Zend/zend_opcode.c). (nielsdos)
  . Fixed bug GH-13942 (Align the behavior of zend-max-execution-timers with
    other timeout implementations). (Kévin Dunglas)
  . Fixed bug GH-14003 (Broken cleanup of unfinished calls with callable convert
    parameters). (ilutov)
  . Fixed bug GH-14013 (Erroneous dnl appended in configure). (Peter Kokot)
  . Fixed bug GH-10232 (If autoloading occurs during constant resolution
    filename and lineno are identified incorrectly). (ranvis)
  . Fixed bug GH-13727 (Missing void keyword). (Peter Kokot)

- Fibers:
  . Fixed bug GH-13903 (ASAN false positive underflow when executing copy()).
    (nielsdos)

- FPM:
  . Fixed bug GH-13563 (Setting bool values via env in FPM config fails).
    (Jakub Zelenka)

- Intl:
  . Fixed build for icu 74 and onwards. (dunglas)

- MySQLnd:
  . Fix shift out of bounds on 32-bit non-fast-path platforms. (nielsdos)

- Opcache:
  . Fixed incorrect assumptions across compilation units for static calls.
    (ilutov)

- OpenSSL:
  . Fixed bug GH-10495 (feof on OpenSSL stream hangs indefinitely).
    (Jakub Zelenka)

- PDO SQLite:
  . Fix GH-13984 (Buffer size is now checked before memcmp). (Saki Takamachi)
  . Fix GH-13998 (Manage refcount of agg_context->val correctly).
    (Saki Takamachi)

- Phar:
  . Fixed bug GH-13836 (Renaming a file in a Phar to an already existing
    filename causes a NULL pointer dereference). (nielsdos)
  . Fixed bug GH-13833 (Applying zero offset to null pointer in zend_hash.c).
    (nielsdos)
  . Fix potential NULL pointer dereference before calling EVP_SignInit. (icy17)

- PHPDBG:
  . Fixed bug GH-13827 (Null pointer access of type 'zval' in phpdbg_frame).
    (nielsdos)

- Posix:
  . Fix usage of reentrant functions in ext/posix. (Arnaud)

- Session:
  . Fixed bug GH-13856 (Member access within null pointer of type 'ps_files' in
    ext/session/mod_files.c). (nielsdos)
  . Fixed bug GH-13891 (memleak and segfault when using ini_set with
    session.trans_sid_hosts). (nielsdos, kamil-tekiela)
  . Fixed buffer _read/_write size limit on windows for the file mode. (David Carlier)

- Streams:
  . Fixed file_get_contents() on Windows fails with "errno=22 Invalid
    argument". (Damian Wójcik)
  . Fixed bug GH-13264 (Part 1 - Memory leak on stream filter failure).
    (Jakub Zelenka)
  . Fixed bug GH-13860 (Incorrect PHP_STREAM_OPTION_CHECK_LIVENESS case in
    ext/openssl/xp_ssl.c - causing use of dead socket). (nielsdos)
  . Fixed bug GH-11678 (Build fails on musl 1.2.4 - lfs64). (Arnaud)

- Treewide:
  . Fix gcc-14 Wcalloc-transposed-args warnings. (Cristian Rodríguez)

11 Apr 2024, PHP 8.2.18

- Core:
  . Fixed bug GH-13612 (Corrupted memory in destructor with weak references).
    (nielsdos)
  . Fixed bug GH-13784 (AX_GCC_FUNC_ATTRIBUTE failure). (Remi)
  . Fixed bug GH-13670 (GC does not scale well with a lot of objects created in
    destructor). (Arnaud)

- DOM:
  . Add some missing ZPP checks. (nielsdos)
  . Fix potential memory leak in XPath evaluation results. (nielsdos)
  . Fix phpdoc for DOMDocument load methods. (VincentLanglet)

- FPM
  . Fixed incorrect check in fpm_shm_free(). (nielsdos)

- GD:
  . Fixed bug GH-12019 (add GDLIB_CFLAGS in feature tests). (Michael Orlitzky)

- Gettext:
  . Fixed sigabrt raised with dcgettext/dcngettext calls with gettext 0.22.5
    with category set to LC_ALL. (David Carlier)

- MySQLnd:
  . Fix GH-13452 (Fixed handshake response [mysqlnd]). (Saki Takamachi)
  . Fix incorrect charset length in check_mb_eucjpms(). (nielsdos)

- Opcache:
  . Fixed GH-13508 (JITed QM_ASSIGN may be optimized out when op1 is null).
    (Arnaud, Dmitry)
  . Fixed GH-13712 (Segmentation fault for enabled observers when calling trait
    method of internal trait when opcache is loaded). (Bob)

- PDO:
  . Fix various PDORow bugs. (Girgias)

- Random:
  . Fixed bug GH-13544 (Pre-PHP 8.2 compatibility for mt_srand with unknown
    modes). (timwolla)
  . Fixed bug GH-13690 (Global Mt19937 is not properly reset in-between
    requests when MT_RAND_PHP is used). (timwolla)

- Session:
  . Fixed bug GH-13680 (Segfault with session_decode and compilation error).
    (nielsdos)

- Sockets:
  . Fixed bug GH-13604 (socket_getsockname returns random characters in the end
    of the socket name). (David Carlier)

- SPL:
  . Fixed bug GH-13531 (Unable to resize SplfixedArray after being unserialized
    in PHP 8.2.15). (nielsdos)
  . Fixed bug GH-13685 (Unexpected null pointer in zend_string.h). (nielsdos)

- Standard:
  . Fixed bug GH-11808 (Live filesystem modified by tests). (nielsdos)
  . Fixed GH-13402 (Added validation of `\n` in $additional_headers of mail()).
    (SakiTakamachi)
  . Fixed bug GH-13203 (file_put_contents fail on strings over 4GB on Windows).
    (divinity76)
  . Fixed bug GHSA-pc52-254m-w9w7 (Command injection via array-ish $command
    parameter of proc_open). (CVE-2024-1874) (Jakub Zelenka)
  . Fixed bug GHSA-wpj3-hf5j-x4v4 (__Host-/__Secure- cookie bypass due to
    partial CVE-2022-31629 fix). (CVE-2024-2756) (nielsdos)
  . Fixed bug GHSA-h746-cjrr-wfmr (password_verify can erroneously return true,
    opening ATO risk). (CVE-2024-3096) (Jakub Zelenka)

- XML:
  . Fixed bug GH-13517 (Multiple test failures when building with
    --with-expat). (nielsdos)

14 Mar 2024, PHP 8.2.17

- Core:
  . Fix ZTS persistent resource crashes on shutdown. (nielsdos)

- Curl:
  . Fix failing tests due to string changes in libcurl 8.6.0. (Ayesh)

- DOM:
  . Fix reference access in dimensions for DOMNodeList and DOMNodeMap.
    (nielsdos)

- Fileinfo:
  . Fixed bug GH-13344 (finfo::buffer(): Failed identify data 0:(null),
    backport). (nielsdos)

- FPM:
  . Fixed bug #75712 (getenv in php-fpm should not read $_ENV, $_SERVER).
    (Jakub Zelenka)

- GD:
  . Fixed bug GH-12019 (detection of image formats in system gd library).
    (Michael Orlitzky)

- MySQLnd:
  . Fixed bug GH-11950 ([mysqlnd] Fixed not to set CR_MALFORMED_PACKET to error
    if CR_SERVER_GONE_ERROR is already set). (Saki Takamachi)

- PGSQL:
  . Fixed bug GH-13354 (pg_execute/pg_send_query_params/pg_send_execute
    with null value passed by reference). (George Barbarosie)

- Standard:
  . Fixed array key as hash to string (case insensitive) comparison typo
    for the second operand buffer size (albeit unused for now). (A. Slepykh)

15 Feb 2024, PHP 8.2.16

- Core:
  . Fixed timer leak in zend-max-execution-timers builds. (withinboredom)
  . Fixed bug GH-12349 (linking failure on ARM with mold). (Jan Palus)
  . Fixed bug GH-13097 (Anonymous class reference in trigger_error / thrown
    Exception). (nielsdos)
  . Fixed bug GH-13215 (GCC 14 build failure). (Remi)

- Curl:
  . Fix missing error check in curl_multi_init(). (divinity76)

- FPM:
  . Fixed bug GH-12996 (Incorrect SCRIPT_NAME with Apache ProxyPassMatch when
    plus in path). (Jakub Zelenka)

- GD:
  . Fixed bug GH-10344 (imagettfbbox(): Could not find/open font UNC path).
    (nielsdos)
  . Fixed bug GH-10614 (imagerotate will turn the picture all black, when
    rotated 90). (nielsdos)

- MySQLnd:
  . Fixed bug GH-12107 (When running a stored procedure (that returns a result
    set) twice, PHP crashes). (nielsdos)

- Opcache:
  . Fixed bug GH-13232 (Segmentation fault will be reported when JIT is off but
    JIT_debug is still on). (nielsdos)

- OpenSSL:
  . Fixed LibreSSL undefined reference when OPENSSL_NO_ENGINE not set.
   (David Carlier).

- PDO_Firebird:
  . Fix GH-13119 (Changed to convert float and double values into strings using
    `H` format). (SakiTakamachi)

- Phar:
  . Fixed bug #71465 (PHAR doesn't know about litespeed). (nielsdos)
  . Fixed bug GH-13037 (PharData incorrectly extracts zip file). (nielsdos)

- Random:
  . Fixed bug GH-13138 (Randomizer::pickArrayKeys() does not detect broken
    engines). (timwolla)

- Session:
  . Fixed bug GH-12504 (Corrupted session written when there's a fatal error
    in autoloader). (nielsdos)

- Streams:
  . Fixed bug GH-13071 (Copying large files using mmap-able source streams may
    exhaust available memory and fail). (nielsdos)

18 Jan 2024, PHP 8.2.15

- Core:
  . Fixed bug GH-12953 (false positive SSA integrity verification failed when
    loading composer classmaps with more than 11k elements). (nielsdos)
  . Fixed bug GH-12966 (missing cross-compiling 3rd argument so Autoconf doesn't
    emit warnings). (Peter Kokot)
  . Fixed bug GH-13727 (missing void keyword for C generate code for feature test).
    (Peter Kokot/David Carlier)

- Cli:
  . Fix incorrect timeout in built-in web server when using router script and
    max_input_time. (ilutov)

- FFI:
  . Fixed bug GH-9698 (stream_wrapper_register crashes with FFI\CData).
    (Jakub Zelenka)
  . Fixed bug GH-12905 (FFI::new interacts badly with observers). (nielsdos)

- GD:
  . Fixed GH-13082 undefined behavior with GdFont instances handling with
    imageload* and imagechar*. (David Carlier)

- Intl:
  . Fixed GH-12943 (IntlDateFormatter::__construct accepts 'C' as valid locale).
    (David Carlier)

- Hash:
  . Fixed bug GH-12936 (hash() function hangs endlessly if using sha512 on
    strings >= 4GiB). (nielsdos)

- ODBC:
  . Fix crash on Apache shutdown with persistent connections. (nielsdos)

- Opcache:
  . Fixed oss-fuzz #64727 (JIT undefined array key warning may overwrite DIM
    with NULL when DIM is the same var as result). (ilutov)
  . Added workaround for SELinux mprotect execheap issue.
    See https://bugzilla.kernel.org/show_bug.cgi?id=218258. (ilutov)

- OpenSSL:
  . Fixed bug GH-12987 (openssl_csr_sign might leak new cert on error).
    (Jakub Zelenka)

- PDO:
  . Fix GH-12969 (Fixed PDO::getAttribute() to get PDO::ATTR_STRINGIFY_FETCHES).
    (SakiTakamachi)

- PDO_ODBC:
  . Fixed bug GH-12767 (Unable to turn on autocommit mode with setAttribute()).
    (SakiTakamachi)

- PGSQL:
  . Fixed auto_reset_persistent handling and allow_persistent type. (David Carlier)
  . Fixed bug GH-12974 (Apache crashes on shutdown when using pg_pconnect()).
    (nielsdos)

- Phar:
  . Fixed bug #77432 (Segmentation fault on including phar file). (nielsdos)

- PHPDBG:
  . Fixed bug GH-12962 (Double free of init_file in phpdbg_prompt.c). (nielsdos)

- SimpleXML:
  . Fix getting the address of an uninitialized property of a SimpleXMLElement
    resulting in a crash. (nielsdos)

- Tidy:
  . Fixed bug GH-12980 (tidynode.props.attribute is missing
    "Boolean Attributes" and empty attributes). (nielsdos)

21 Dec 2023, PHP 8.2.14

- Core:
  . Fixed oss-fuzz #54325 (Use-after-free of name in var-var with malicious
    error handler). (ilutov)
  . Fixed oss-fuzz #64209 (In-place modification of filename in
    php_message_handler_for_zend). (ilutov)
  . Fixed bug GH-12758 / GH-12768 (Invalid opline in OOM handlers within
    ZEND_FUNC_GET_ARGS and ZEND_BIND_STATIC). (Florian Engelhardt)
  . Fix various missing NULL checks. (nielsdos, dstogov)
  . Fixed bug GH-12835 (Leak of call->extra_named_params on internal __call).
    (ilutov)

- Date:
  . Fixed improbably integer overflow while parsing really large (or small)
    Unix timestamps. (Derick)

- DOM:
  . Fixed bug GH-12616 (DOM: Removing XMLNS namespace node results in invalid
    default: prefix). (nielsdos)

- FPM:
  . Fixed bug GH-12705 (Segmentation fault in fpm_status_export_to_zval).
    (Patrick Prasse)

- FTP:
  . Fixed bug GH-9348 (FTP & SSL session reuse). (nielsdos)

- Intl:
  . Fixed bug GH-12635 (Test bug69398.phpt fails with ICU 74.1). (nielsdos)

- LibXML:
  . Fixed bug GH-12702 (libxml2 2.12.0 issue building from src). (nono303)
  . Fixed test failures for libxml2 2.12.0. (nielsdos)

- MySQLnd:
  . Avoid using uninitialised struct. (mikhainin)
  . Fixed bug GH-12791 (Possible dereference of NULL in MySQLnd debug code).
    (nielsdos)

- Opcache:
  . Fixed JIT bug (Function JIT emits "Uninitialized string offset" warning
    at the same time as invalid offset Error). (Girgias)
  . Fixed JIT bug (JIT emits "Attempt to assign property of non-object"
    warning at the same time as Error is being thrown). (Girgias)

- OpenSSL:
  . Fixed bug #50713 (openssl_pkcs7_verify() may ignore untrusted CAs).
    (Jakub Zelenka)

- PCRE:
  . Fixed bug GH-12628 (The gh11374 test fails on Alpinelinux). (nielsdos)

- PDO PGSQL:
  . Fixed the default value of $fetchMode in PDO::pgsqlGetNotify() (kocsismate)

- PGSQL:
  . Fixed bug GH-12763 wrong argument type for pg_untrace. (degtyarov)

- PHPDBG:
  . Fixed bug GH-12675 (MEMORY_LEAK in phpdbg_prompt.c). (nielsdos)

- SOAP:
  . Fixed bug GH-12838 ([SOAP] Temporary WSDL cache files not being deleted).
    (nielsdos)

- SPL:
  . Fixed bug GH-12721 (SplFileInfo::getFilename() segfault in combination
    with GlobIterator and no directory separator). (nielsdos)

- SQLite3:
  . Fixed bug GH-12633 (sqlite3_defensive.phpt fails with sqlite 3.44.0).
    (SakiTakamachi)

- Standard:
  . Fix memory leak in syslog device handling. (danog)
  . Fixed bug GH-12621 (browscap segmentation fault when configured in the
    vhost). (nielsdos)
  . Fixed bug GH-12655 (proc_open() does not take into account references
    in the descriptor array). (nielsdos)

- Streams:
  . Fixed bug #79945 (Stream wrappers in imagecreatefrompng causes segfault).
    (Jakub Zelenka)

- Zip:
  . Fixed bug GH-12661 (Inconsistency in ZipArchive::addGlob remove_path Option
    Behavior). (Remi)

23 Nov 2023, PHP 8.2.13

- Core:
  . Fixed double-free of non-interned enum case name. (ilutov)
  . Fixed bug GH-12457 (Incorrect result of stripos with single character
    needle). (SakiTakamachi)
  . Fixed bug GH-12468 (Double-free of doc_comment when overriding static
    property via trait). (ilutov)
  . Fixed segfault caused by weak references to FFI objects. (sj-i)
  . Fixed max_execution_time: don't delete an unitialized timer. (Kévin Dunglas)
  . Fixed bug GH-12558 (Arginfo soft-breaks with namespaced class return type
    if the class name starts with N). (kocsismate)

- DOM:
  . Fix registerNodeClass with abstract class crashing. (nielsdos)
  . Add missing NULL pointer error check. (icy17)
  . Fix validation logic of php:function() callbacks. (nielsdos)

- Fiber:
  . Fixed bug GH-11121 (ReflectionFiber segfault). (danog, trowski, bwoebi)

- FPM:
  . Fixed bug GH-9921 (Loading ext in FPM config does not register module
    handlers). (Jakub Zelenka)
  . Fixed bug GH-12232 (FPM: segfault dynamically loading extension without
    opcache). (Jakub Zelenka)
  . Fixed bug #76922 (FastCGI terminates conn after FCGI_GET_VALUES).
    (Jakub Zelenka)

- Intl:
  . Removed the BC break on IntlDateFormatter::construct which threw an
    exception with an invalid locale. (David Carlier)

- Opcache:
  . Added warning when JIT cannot be enabled. (danog)
  . Fixed bug GH-8143 (Crashes in zend_accel_inheritance_cache_find since
    upgrading to 8.1.3 due to corrupt on-disk file cache). (turchanov)

- OpenSSL:
  . Fixed bug GH-12489 (Missing sigbio creation checking in openssl_cms_verify).
    (Jakub Zelenka)

- PCRE:
  . Fixed bug GH-11374 (Backport upstream fix, Different preg_match result
    with -d pcre.jit=0). (mvorisek)

- SOAP:
  . Fixed bug GH-12392 (Segmentation fault on SoapClient::__getTypes).
    (nielsdos)
  . Fixed bug #66150 (SOAP WSDL cache race condition causes Segmentation
    Fault). (nielsdos)
  . Fixed bug #67617 (SOAP leaves incomplete cache file on ENOSPC). (nielsdos)
  . Fix incorrect uri check in SOAP caching. (nielsdos)
  . Fix segfault and assertion failure with refcounted props and arrays.
    (nielsdos)
  . Fix potential crash with an edge case of persistent encoders. (nielsdos)
  . Fixed bug #75306 (Memleak in SoapClient). (nielsdos)

- Streams:
  . Fixed bug #75708 (getimagesize with "&$imageinfo" fails on StreamWrappers).
    (Jakub Zelenka)

- XMLReader:
  . Add missing NULL pointer error check. (icy17)

- XMLWriter:
  . Add missing NULL pointer error check. (icy17)

- XSL:
  . Add missing module dependency. (nielsdos)
  . Fix validation logic of php:function() callbacks. (nielsdos)

26 Oct 2023, PHP 8.2.12

- Core:
  . Fixed bug GH-12207 (memory leak when class using trait with doc block).
    (rioderelfte)
  . Fixed bug GH-12215 (Module entry being overwritten causes type errors in
    ext/dom). (nielsdos)
  . Fixed bug GH-12273 (__builtin_cpu_init check). (Freaky)
  . Fixed bug #80092 (ZTS + preload = segfault on shutdown). (nielsdos)

- CLI:
  . Ensure a single Date header is present. (coppolafab)

- CType:
  . Fixed bug GH-11997 (ctype_alnum 5 times slower in PHP 8.1 or greater).
    (nielsdos)

- DOM:
  . Restore old namespace reconciliation behaviour. (nielsdos)
  . Fixed bug GH-8996 (DOMNode serialization on PHP ^8.1). (nielsdos)

- Fileinfo:
  . Fixed bug GH-11891 (fileinfo returns text/xml for some svg files). (usarise)

- Filter:
  . Fix explicit FILTER_REQUIRE_SCALAR with FILTER_CALLBACK (ilutov)

- Hash:
  . Fixed bug GH-12186 (segfault copying/cloning a finalized HashContext).
    (MaxSem)

- Intl:
  . Fixed bug GH-12243 (segfault on IntlDateFormatter::construct).
    (David Carlier)
  . Fixed bug GH-12282 (IntlDateFormatter::construct should throw an exception
    on an invalid locale). (David Carlier)

- MySQLnd:
  . Fixed bug GH-12297 (PHP Startup: Invalid library (maybe not a PHP library)
    'mysqlnd.so' in Unknown on line). (nielsdos)

- Opcache:
  . Fixed opcache_invalidate() on deleted file. (mikhainin)
  . Fixed bug GH-12380 (JIT+private array property access inside closure
    accesses private property in child class). (nielsdos)

- PCRE:
  . Fixed bug GH-11956 (Backport upstream fix, PCRE regular expressions with
    JIT enabled gives different result). (nielsdos)

- SimpleXML:
  . Fixed bug GH-12170 (Can't use xpath with comments in SimpleXML). (nielsdos)
  . Fixed bug GH-12223 (Entity reference produces infinite loop in
    var_dump/print_r). (nielsdos)
  . Fixed bug GH-12167 (Unable to get processing instruction contents in
    SimpleXML). (nielsdos)
  . Fixed bug GH-12169 (Unable to get comment contents in SimpleXML).
    (nielsdos)

- Streams:
  . Fixed bug GH-12190 (binding ipv4 address with both address and port at 0).
    (David Carlier)

- XML:
  . Fix return type of stub of xml_parse_into_struct(). (nielsdos)
  . Fix memory leak when calling xml_parse_into_struct() twice. (nielsdos)

- XSL:
  . Fix type error on XSLTProcessor::transformToDoc return value with
    SimpleXML. (nielsdos)

28 Sep 2023, PHP 8.2.11

- Core:
  . Fixed bug GH-11937 (Constant ASTs containing objects). (ilutov)
  . Fixed bug GH-11790 (On riscv64 require libatomic if actually needed).
    (Jeremie Courreges-Anglas)
  . Fixed bug GH-11876: ini_parse_quantity() accepts invalid quantities.
    (Girgias)
  . Fixed bug GH-12073 (Segfault when freeing incompletely initialized
    closures). (ilutov)
  . Fixed bug GH-12060 (Internal iterator rewind handler is called twice).
    (ju1ius)
  . Fixed bug GH-12102 (Incorrect compile error when using array access on TMP
    value in function call). (ilutov)

- DOM:
  . Fix memory leak when setting an invalid DOMDocument encoding. (nielsdos)

- Iconv:
  . Fixed build for NetBSD which still uses the old iconv signature.
    (David Carlier)

- Intl:
  . Fixed bug GH-12020 (intl_get_error_message() broken after
    MessageFormatter::formatMessage() fails). (Girgias)

- MySQLnd:
  . Fixed bug GH-10270 (Invalid error message when connection via SSL fails:
    "trying to connect via (null)"). (Kamil Tekiela)

- ODBC:
  . Fixed memory leak with failed SQLPrepare. (NattyNarwhal)
  . Fixed persistent procedural ODBC connections not getting closed.
    (NattyNarwhal)

- SimpleXML:
  . Fixed bug #52751 (XPath processing-instruction() function is not
    supported). (nielsdos)

- SPL:
  . Fixed bug GH-11972 (RecursiveCallbackFilterIterator regression in 8.1.18).
    (nielsdos)

- SQLite3:
  . Fixed bug GH-11878 (SQLite3 callback functions cause a memory leak with
    a callable array). (nielsdos, arnaud-lb)

31 Aug 2023, PHP 8.2.10

- CLI:
  . Fixed bug GH-11716 (cli server crashes on SIGINT when compiled with
    ZEND_RC_DEBUG=1). (nielsdos)
  . Fixed bug GH-10964 (Improve man page about the built-in server).
    (Alexandre Daubois)

- Date:
  . Fixed bug GH-11416 (Crash with DatePeriod when uninitialised objects are
    passed in). (Derick)

- Core:
  . Fixed strerror_r detection at configuration time. (Kévin Dunglas)
  . Fixed trait typed properties using a DNF type not being correctly bound.
    (Girgias)
  . Fixed trait property types not being arena allocated if copied from
    an internal trait. (Girgias)
  . Fixed deep copy of property DNF type during lazy class load.
    (Girgias, ilutov)
  . Fixed memory freeing of DNF types for non arena allocated types.
    (Girgias, ju1ius)

- DOM:
  . Fix DOMEntity field getter bugs. (nielsdos)
  . Fix incorrect attribute existence check in DOMElement::setAttributeNodeNS.
    (nielsdos)
  . Fix DOMCharacterData::replaceWith() with itself. (nielsdos)
  . Fix empty argument cases for DOMParentNode methods. (nielsdos)
  . Fixed bug GH-11791 (Wrong default value of DOMDocument::xmlStandalone).
    (nielsdos)
  . Fix json_encode result on DOMDocument. (nielsdos)
  . Fix manually calling __construct() on DOM classes. (nielsdos)
  . Fixed bug GH-11830 (ParentNode methods should perform their checks
    upfront). (nielsdos)
  . Fix viable next sibling search for replaceWith. (nielsdos)
  . Fix segfault when DOMParentNode::prepend() is called when the child
    disappears. (nielsdos)

- FFI:
  . Fix leaking definitions when using FFI::cdef()->new(...). (ilutov)

- Hash:
  . Fix use-of-uninitialized-value in hash_pbkdf2(), fix missing $options
    parameter in signature. (ilutov)

- MySQLnd:
  . Fixed bug GH-11440 (authentication to a sha256_password account fails over
    SSL). (nielsdos)
  . Fixed bug GH-11438 (mysqlnd fails to authenticate with sha256_password
    accounts using passwords longer than 19 characters).
    (nielsdos, Kamil Tekiela)
  . Fixed bug GH-11550 (MySQL Statement has a empty query result when
    the response field has changed, also Segmentation fault).
    (Yurunsoft)
  . Fixed invalid error message "Malformed packet" when connection is dropped.
    (Kamil Tekiela)

- Opcache:
  . Fixed bug GH-11715 (opcache.interned_strings_buffer either has no effect or
    opcache_get_status() / phpinfo() is wrong). (nielsdos)
  . Avoid adding an unnecessary read-lock when loading script from shm if
    restart is in progress. (mikhainin)

- PCNTL:
  . Revert behaviour of receiving SIGCHLD signals back to the behaviour
    before 8.1.22. (nielsdos)

- SPL:
  . Fixed bug #81992 (SplFixedArray::setSize() causes use-after-free).
    (nielsdos)

- Standard:
  . Prevent int overflow on $decimals in number_format. (Marc Bennewitz)
  . Fixed bug GH-11870 (Fix off-by-one bug when truncating tempnam prefix)
    (athos-ribeiro)

03 Aug 2023, PHP 8.2.9

- Build:
  . Fixed bug GH-11522 (PHP version check fails with '-' separator).
    (SVGAnimate)

- CLI:
  . Fix interrupted CLI output causing the process to exit. (nielsdos)

- Core:
  . Fixed oss-fuzz #60011 (Mis-compilation of by-reference nullsafe operator).
    (ilutov)
  . Fixed line number of JMP instruction over else block. (ilutov)
  . Fixed use-of-uninitialized-value with ??= on assert. (ilutov)
  . Fixed oss-fuzz #60411 (Fix double-compilation of arrow-functions). (ilutov)
  . Fixed build for FreeBSD before the 11.0 releases. (David Carlier)

- Curl:
  . Fix crash when an invalid callback function is passed to
    CURLMOPT_PUSHFUNCTION. (nielsdos)

- Date:
  . Fixed bug GH-11368 (Date modify returns invalid datetime). (Derick)
  . Fixed bug GH-11600 (Can't parse time strings which include (narrow)
    non-breaking space characters). (Derick)
  . Fixed bug GH-11854 (DateTime:createFromFormat stopped parsing datetime with
    extra space). (nielsdos, Derick)

- DOM:
  . Fixed bug GH-11625 (DOMElement::replaceWith() doesn't replace node with
    DOMDocumentFragment but just deletes node or causes wrapping <></>
    depending on libxml2 version). (nielsdos)

- Fileinfo:
  . Fixed bug GH-11298 (finfo returns wrong mime type for xz files). (Anatol)

- FTP:
  . Fix context option check for "overwrite". (JonasQuinten)
  . Fixed bug GH-10562 (Memory leak and invalid state with consecutive
    ftp_nb_fget). (nielsdos)

- GD:
  . Fix most of the external libgd test failures. (Michael Orlitzky)

- Intl:
  . Fix memory leak in MessageFormatter::format() on failure. (Girgias)

- Libxml:
  . Fixed bug GHSA-3qrf-m4j2-pcrr (Security issue with external entity loading
    in XML without enabling it). (CVE-2023-3823) (nielsdos, ilutov)

- MBString:
  . Fix GH-11300 (license issue: restricted unicode license headers).
    (nielsdos)

- Opcache:
  . Fixed bug GH-10914 (OPCache with Enum and Callback functions results in
    segmentation fault). (nielsdos)
  . Prevent potential deadlock if accelerated globals cannot be allocated.
    (nielsdos)

- PCNTL:
  . Fixed bug GH-11498 (SIGCHLD is not always returned from proc_open).
    (nielsdos)

- PDO:
  . Fix	GH-11587 (After php8.1, when PDO::ATTR_EMULATE_PREPARES is true
    and PDO::ATTR_STRINGIFY_FETCHES is true, decimal zeros are no longer
    filled). (SakiTakamachi)

- PDO SQLite:
  . Fix GH-11492 (Make test failure: ext/pdo_sqlite/tests/bug_42589.phpt).
    (KapitanOczywisty, CViniciusSDias)

- Phar:
  . Add missing check on EVP_VerifyUpdate() in phar util. (nielsdos)
  . Fixed bug GHSA-jqcx-ccgc-xwhv (Buffer mismanagement in phar_dir_read()).
    (CVE-2023-3824) (nielsdos)

- PHPDBG:
  . Fixed bug GH-9669 (phpdbg -h options doesn't list the -z option). (adsr)

- Session:
  . Removed broken url support for transferring session ID. (ilutov)

- Standard:
  . Fix serialization of RC1 objects appearing in object graph twice. (ilutov)

- Streams:
  . Fixed bug GH-11735 (Use-after-free when unregistering user stream wrapper
    from itself). (ilutov)

- SQLite3:
  . Fix replaced error handling in SQLite3Stmt::__construct. (nielsdos)

- XMLReader:
  . Fix GH-11548 (Argument corruption when calling XMLReader::open or
    XMLReader::XML non-statically with observer active). (Bob)

06 Jul 2023, PHP 8.2.8

- CLI:
  . Fixed bug GH-11246 (cli/get_set_process_title fails on MacOS).
    (James Lucas)

- Core:
  . Fixed build for the riscv64 architecture/GCC 12. (Daniil Gentili)

- Curl:
  . Fixed bug GH-11433 (Unable to set CURLOPT_ACCEPT_ENCODING to NULL).
    (nielsdos)

- Date:
  . Fixed bug GH-11455 (Segmentation fault with custom object date properties).
    (nielsdos)

- DOM:
  . Fixed bugs GH-11288 and GH-11289 and GH-11290 and GH-9142 (DOMExceptions
    and segfaults with replaceWith). (nielsdos)
  . Fixed bug GH-10234 (Setting DOMAttr::textContent results in an empty
    attribute value). (nielsdos)
  . Fix return value in stub file for DOMNodeList::item. (divinity76)
  . Fix spec compliance error with '*' namespace for
    DOMDocument::getElementsByTagNameNS. (nielsdos)
  . Fix DOMElement::append() and DOMElement::prepend() hierarchy checks.
    (nielsdos)
  . Fixed bug GH-11347 (Memory leak when calling a static method inside an
    xpath query). (nielsdos)
  . Fixed bug #67440 (append_node of a DOMDocumentFragment does not reconcile
    namespaces). (nielsdos)
  . Fixed bug #81642 (DOMChildNode::replaceWith() bug when replacing a node
    with itself). (nielsdos)
  . Fixed bug #77686 (Removed elements are still returned by getElementById).
    (nielsdos)
  . Fixed bug #70359 (print_r() on DOMAttr causes Segfault in
    php_libxml_node_free_list()). (nielsdos)
  . Fixed bug #78577 (Crash in DOMNameSpace debug info handlers). (nielsdos)
  . Fix lifetime issue with getAttributeNodeNS(). (nielsdos)
  . Fix "invalid state error" with cloned namespace declarations. (nielsdos)
  . Fixed bug #55294 and #47530 and #47847 (various namespace reconciliation
    issues). (nielsdos)
  . Fixed bug #80332 (Completely broken array access functionality with
    DOMNamedNodeMap). (nielsdos)

- Opcache:
  . Fix allocation loop in zend_shared_alloc_startup(). (nielsdos)
  . Access violation on smm_shared_globals with ALLOC_FALLBACK. (KoudelkaB)
  . Fixed bug GH-11336 (php still tries to unlock the shared memory ZendSem
    with opcache.file_cache_only=1 but it was never locked). (nielsdos)

- OpenSSL:
  . Fixed bug GH-9356 Incomplete validation of IPv6 Address fields in
    subjectAltNames (James Lucas, Jakub Zelenka).

- PCRE:
  . Fix preg_replace_callback_array() pattern validation. (ilutov)

- PGSQL:
  . Fixed intermittent segfault with pg_trace. (David Carlier)

- Phar:
  . Fix cross-compilation check in phar generation for FreeBSD. (peter279k)

- SPL:
  . Fixed bug GH-11338 (SplFileInfo empty getBasename with more than one
    slash). (nielsdos)

- Standard:
  . Fix access on NULL pointer in array_merge_recursive(). (ilutov)
  . Fix exception handling in array_multisort(). (ilutov)

- SQLite3:
  . Fixed bug GH-11451 (Invalid associative array containing duplicate
    keys). (nielsdos)

08 Jun 2023, PHP 8.2.7

- Core:
  . Fixed bug GH-11152 (Unable to alias namespaces containing reserved class
    names). (ilutov)
  . Fixed bug GH-9068 (Conditional jump or move depends on uninitialised
    value(s)). (nielsdos)
  . Fixed bug GH-11189 (Exceeding memory limit in zend_hash_do_resize leaves
    the array in an invalid state). (Bob)
  . Fixed bug GH-11063 (Compilation error on old GCC versions). (ingamedeo)
  . Fixed bug GH-11222 (foreach by-ref may jump over keys during a rehash).
    (Bob)

- Date:
  . Fixed bug GH-11281 (DateTimeZone::getName() does not include seconds in
    offset). (nielsdos)

- Exif:
  . Fixed bug GH-10834 (exif_read_data() cannot read smaller stream wrapper
    chunk sizes). (nielsdos)

- FPM:
  . Fixed bug GH-10461 (PHP-FPM segfault due to after free usage of
    child->ev_std(out|err)). (Jakub Zelenka)
  . Fixed bug #64539 (FPM status page: query_string not properly JSON encoded).
    (Jakub Zelenka)
  . Fixed memory leak for invalid primary script file handle. (Jakub Zelenka)

- Hash:
  . Fixed bug GH-11180 (hash_file() appears to be restricted to 3 arguments).
    (nielsdos)

- LibXML:
  . Fixed bug GH-11160 (Few tests failed building with new libxml 2.11.0).
    (nielsdos)

- MBString:
  . Fix bug GH-11217 (Segfault in mb_strrpos / mb_strripos when using negative
    offset and ASCII encoding). (ilutov)

- Opcache:
  . Fixed bug GH-11134 (Incorrect match default branch optimization). (ilutov)
  . Fixed too wide OR and AND range inference. (nielsdos)
  . Fixed missing class redeclaration error with OPcache enabled. (ilutov)
  . Fixed bug GH-11245 (In some specific cases SWITCH with one default
    statement will cause segfault). (nielsdos)

- PCNTL:
  . Fixed maximum argument count of pcntl_forkx(). (nielsdos)

- PGSQL:
  . Fixed parameter parsing of pg_lo_export(). (kocsismate)

- Phar:
  . Fixed bug GH-11099 (Generating phar.php during cross-compile can't be
    done). (peter279k)

- Soap:
  . Fixed bug GHSA-76gg-c692-v2mw (Missing error check and insufficient random
    bytes in HTTP Digest authentication for SOAP).
    (CVE-2023-3247) (nielsdos, timwolla)
  . Fixed bug GH-8426 (make test fail while soap extension build). (nielsdos)

- SPL:
  . Fixed bug GH-11178 (Segmentation fault in spl_array_it_get_current_data
    (PHP 8.1.18)). (nielsdos)

- Standard:
  . Fixed bug GH-11138 (move_uploaded_file() emits open_basedir warning for
    source file). (ilutov)
  . Fixed bug GH-11274 (POST/PATCH request switches to GET after a HTTP 308
    redirect). (nielsdos)

- Streams:
  . Fixed bug GH-10031 ([Stream] STREAM_NOTIFY_PROGRESS over HTTP emitted
    irregularly for last chunk of data). (nielsdos)
  . Fixed bug GH-11175 (Stream Socket Timeout). (nielsdos)
  . Fixed bug GH-11177 (ASAN UndefinedBehaviorSanitizer when timeout = -1
    passed to stream_socket_accept/stream_socket_client). (nielsdos)

11 May 2023, PHP 8.2.6

- Core:
  . Fix inconsistent float negation in constant expressions. (ilutov)
  . Fixed bug GH-8841 (php-cli core dump calling a badly formed function).
    (nielsdos)
  . Fixed bug GH-10737 (PHP 8.1.16 segfaults on line 597 of
    sapi/apache2handler/sapi_apache2.c). (nielsdos, ElliotNB)
  . Fixed bug GH-11028 (Heap Buffer Overflow in zval_undefined_cv.). (nielsdos)
  . Fixed bug GH-11108 (Incorrect CG(memoize_mode) state after bailout in ??=).
    (ilutov)

- Date:
  . Fixed bug where the diff() method would not return the right result around
    DST changeover for date/times associated with a timezone identifier. (Derick)
  . Fixed out-of-range bug when converting to/from around the LONG_MIN unix
    timestamp. (Derick)

- DOM:
  . Fixed bug #80602 (Segfault when using DOMChildNode::before()).
    (Nathan Freeman)
  . Fixed incorrect error handling in dom_zvals_to_fragment(). (nielsdos)

- Exif:
  . Fixed bug GH-9397 (exif read : warnings and errors : Potentially invalid
    endianess, Illegal IFD size and Undefined index). (nielsdos)

- Intl:
  . Fixed bug GH-11071 (TZData version not displayed anymore). (Remi)

- PCRE:
  . Fixed bug GH-10968 (Segfault in preg_replace_callback_array()). (ilutov)

- Reflection:
  . Fixed bug GH-10983 (State-dependant segfault in
    ReflectionObject::getProperties). (nielsdos)

- SPL:
  . Handle indirect zvals and use up-to-date properties in
    SplFixedArray::__serialize. (nielsdos)

- Standard:
  . Fixed bug GH-10990 (mail() throws TypeError after iterating over
    $additional_headers array by reference). (nielsdos)
  . Fixed bug GH-9775 (Duplicates returned by array_unique when using enums).
    (ilutov)

- Streams:
  . Fixed bug GH-10406 (feof() behavior change for UNIX based socket
    resources). (Jakub Zelenka)

13 Apr 2023, PHP 8.2.5

- Core:
  . Added optional support for max_execution_time in ZTS/Linux builds
    (Kévin Dunglas)
  . Fixed use-after-free in recursive AST evaluation. (ilutov)
  . Fixed bug GH-8646 (Memory leak PHP FPM 8.1). (nielsdos)
  . Re-add some CTE functions that were removed from being CTE by a mistake.
    (mvorisek)
  . Remove CTE flag from array_diff_ukey(), which was added by mistake.
    (mvorisek)
  . Fixed bug GH-10801 (Named arguments in CTE functions cause a segfault).
    (nielsdos)
  . Fixed bug GH-8789 (PHP 8.0.20 (ZTS) zend_signal_handler_defer crashes on
    apache). (nielsdos)
  . Fixed bug GH-10015 (zend_signal_handler_defer crashes on apache shutdown).
    (nielsdos)
  . Fixed bug GH-10810 (Fix NUL byte terminating Exception::__toString()).
    (ilutov)
  . Fix potential memory corruption when mixing __callStatic() and FFI. (ilutov)

- Date:
  . Fixed bug GH-10747 (Private and protected properties in serialized Date*
    objects throw). (Derick)

- FPM:
  . Fixed bug GH-10611 (fpm_env_init_main leaks environ). (nielsdos)
  . Destroy file_handle in fpm_main. (Jakub Zelenka, nielsdos)
  . Fixed bug #74129 (Incorrect SCRIPT_NAME with apache ProxyPassMatch when
    spaces are in path). (Jakub Zelenka)

- FTP:
  . Propagate success status of ftp_close(). (nielsdos)
  . Fixed bug GH-10521 (ftp_get/ftp_nb_get resumepos offset is maximum 10GB).
    (nielsdos)

- IMAP:
  . Fix build failure with Clang 16. (orlitzky)

- MySQLnd:
  . Fixed bug GH-8979 (Possible Memory Leak with SSL-enabled MySQL
    connections). (nielsdos)

- Opcache:
  . Fixed build for macOS to cater with pkg-config settings. (David Carlier)
  . Fixed bug GH-8065 (opcache.consistency_checks > 0 causes segfaults in
    PHP >= 8.1.5 in fpm context). (nielsdos)

- OpenSSL:
  . Add missing error checks on file writing functions. (nielsdos)

- PDO Firebird:
  . Fixed bug GH-10908 (Bus error with PDO Firebird on RPI with 64 bit kernel
    and 32 bit userland). (nielsdos)

- Phar:
  . Fixed bug GH-10766 (PharData archive created with Phar::Zip format does
    not keep files metadata (datetime)). (nielsdos)
  . Add missing error checks on EVP_MD_CTX_create() and EVP_VerifyInit().
    (nielsdos)

- PDO ODBC:
  . Fixed missing and inconsistent error checks on SQLAllocHandle. (nielsdos)

- PGSQL:
  . Fixed typo in the array returned from pg_meta_data (extended mode).
    (David Carlier)

- SPL:
  . Fixed bug GH-10519 (Array Data Address Reference Issue). (Nathan Freeman)
  . Fixed bug GH-10907 (Unable to serialize processed SplFixedArrays in
    PHP 8.2.4). (nielsdos)
  . Fixed bug GH-10844 (ArrayIterator allows modification of readonly props).
    (ilutov)

- Standard:
  . Fixed bug GH-10885 (stream_socket_server context leaks). (ilutov)
  . Fixed bug GH-10052 (Browscap crashes PHP 8.1.12 on request shutdown
    (apache2)). (nielsdos)
  . Fixed oss-fuzz #57392 (Buffer-overflow in php_fgetcsv() with \0 delimiter
    and enclosure). (ilutov)
  . Fixed undefined behaviour in unpack(). (nielsdos)

16 Mar 2023, PHP 8.2.4

- Core:
  . Fixed incorrect check condition in ZEND_YIELD. (nielsdos)
  . Fixed incorrect check condition in type inference. (nielsdos)
  . Fix incorrect check in zend_internal_call_should_throw(). (nielsdos)
  . Fixed overflow check in OnUpdateMemoryConsumption. (nielsdos)
  . Fixed bug GH-9916 (Entering shutdown sequence with a fiber suspended in a
    Generator emits an unavoidable fatal error or crashes). (Arnaud)
  . Fixed bug GH-10437 (Segfault/assertion when using fibers in shutdown
    function after bailout). (trowski)
  . Fixed SSA object type update for compound assignment opcodes. (nielsdos)
  . Fixed language scanner generation build. (Daniel Black)
  . Fixed zend_update_static_property() calling zend_update_static_property_ex()
    misleadingly with the wrong return type. (nielsdos)
  . Fix bug GH-10570 (Fixed unknown string hash on property fetch with integer
    constant name). (nielsdos)
  . Fixed php_fopen_primary_script() call resulted on zend_destroy_file_handle()
    freeing dangling pointers on the handle as it was uninitialized. (nielsdos)

- Curl:
  . Fixed deprecation warning at compile time. (Max Kellermann)
  . Fixed bug GH-10270 (Unable to return CURL_READFUNC_PAUSE in readfunc
    callback). (Pierrick Charron)

- Date:
  . Fix GH-10447 ('p' format specifier does not yield 'Z' for 00:00). (Derick)
  . Fix GH-10152 (Custom properties of Date's child classes are not
    serialised). (Derick)

- FFI:
  . Fixed incorrect bitshifting and masking in ffi bitfield. (nielsdos)

- Fiber:
  . Fixed assembly on alpine x86. (nielsdos)
  . Fixed bug GH-10496 (segfault when garbage collector is invoked inside of
    fiber). (Bob, Arnaud)

- FPM:
  . Fixed bug GH-10315 (FPM unknown child alert not valid). (Jakub Zelenka)
  . Fixed bug GH-10385 (FPM successful config test early exit). (nielsdos)

- GMP:
  . Properly implement GMP::__construct(). (nielsdos)

- Intl:
  . Fixed bug GH-10647 (Spoolchecker isSuspicious/areConfusable methods
    error code's argument always returning NULL0. (Nathan Freeman)

- JSON:
  . Fixed JSON scanner and parser generation build.
    (Daniel Black, Jakub Zelenka)

- MBString:
  . ext/mbstring: fix new_value length check. (Max Kellermann)
  . Fix bug GH-10627 (mb_convert_encoding crashes PHP on Windows). (nielsdos)

- Opcache:
  . Fix incorrect page_size check. (nielsdos)
  . Fix readonly modification check when using inc/dec operators on readonly
    property with JIT. (ilutov)

- OpenSSL:
  . Fixed php_openssl_set_server_dh_param() DH params errors handling. (nielsdos)

- PDO OCI:
  . Fixed bug #60994 (Reading a multibyte CLOB caps at 8192 chars).
    (Michael Voříšek)

- PHPDBG:
  . Fixed bug GH-10715 (heap buffer overflow on --run option misuse). (nielsdos)

- PGSQL:
  . Fix GH-10672 (pg_lo_open segfaults in the strict_types mode). (girgias)

- Phar:
  . Fix incorrect check in phar tar parsing. (nielsdos)

- Random:
  . Fix GH-10390 (Do not trust arc4random_buf() on glibc). (timwolla)
  . Fix GH-10292 (Made the default value of the first param of srand() and
    mt_srand() unknown). (kocsismate)

- Reflection:
  . Fixed bug GH-10623 (Reflection::getClosureUsedVariables opcode fix with
    variadic arguments). (nielsdos)
  . Fix Segfault when using ReflectionFiber suspended by an internal function.
    (danog)

- Session:
  . Fixed ps_files_cleanup_dir() on failure code paths with -1 instead of 0 as
    the latter was considered success by callers. (nielsdos).

- Standard:
  . Fixed bug GH-8086 (Introduce mail.mixed_lf_and_crlf INI). (Jakub Zelenka)
  . Fixed bug GH-10292 (Made the default value of the first param of srand() and
    mt_srand() unknown). (kocsismate)
  . Fix incorrect check in cs_8559_5 in map_from_unicode(). (nielsdos)
  . Fix bug GH-9697 for reset/end/next/prev() attempting to move pointer of
    properties table for certain internal classes such as FFI classes
  . Fix incorrect error check in browsecap for pcre2_match(). (nielsdos)

- Streams:
  . Fixed bug GH-10370 (File corruption in _php_stream_copy_to_stream_ex when
    using copy_file_range). (nielsdos)
  . Fixed bug GH-10548 (copy() fails on cifs mounts because of incorrect
    copy_file_range() len). (nielsdos)

- Tidy:
  . Fix memory leaks when attempting to open a non-existing file or a file over
    4GB. (Girgias)
  . Add missing error check on tidyLoadConfig. (nielsdos)

- Zlib:
  . Fixed output_handler directive value's length which counted the string
    terminator. (nieldos)

14 Feb 2023, PHP 8.2.3

- Core:
  . Fixed bug #81744 (Password_verify() always return true with some hash).
    (CVE-2023-0567). (Tim Düsterhus)
  . Fixed bug #81746 (1-byte array overrun in common path resolve code).
    (CVE-2023-0568). (Niels Dossche)

- SAPI:
  . Fixed bug GHSA-54hq-v5wp-fqgv (DOS vulnerability when parsing multipart
    request body). (CVE-2023-0662) (Jakub Zelenka)

02 Feb 2023, PHP 8.2.2

- Core:
  . Fixed bug GH-10200 (zif_get_object_vars:
    Assertion `!(((__ht)->u.flags & (1<<2)) != 0)' failed). (nielsdos)
  . Fix GH-10251 (Assertion `(flag & (1<<3)) == 0' failed). (nielsdos)
  . Fix GH-10240 (Assertion failure when adding more than 2**30 elements to an
    unpacked array). (Arnaud)
  . Fix GH-9735 (Fiber stack variables do not participate in cycle collector).
    (Arnaud)
  . Fix GH-9675 (Broken run_time_cache init for internal enum methods).
    (Petar Obradović, Bob)
  . Fix GH-10248 (Assertion `!(zval_get_type(&(*(property))) == 10)' failed).
    (nielsdos)

- FPM:
  . Fixed bug #77106 (Missing separator in FPM FastCGI errors). (Jakub Zelenka)
  . Fixed bug GH-9981 (FPM does not reset fastcgi.error_header).
    (Jakub Zelenka)
  . Fixed bug #68591 (Configuration test does not perform UID lookups).
    (Jakub Zelenka)
  . Fixed memory leak when running FPM config test. (Jakub Zelenka)
  . Fixed bug #67244 (Wrong owner:group for listening unix socket).
    (Jakub Zelenka)

- Hash:
  . Handle exceptions from __toString in XXH3's initialization (nielsdos)

- LDAP:
  . Fixed bug GH-10112 (LDAP\Connection::__construct() refers to ldap_create()).
    (cmb)

- Opcache:
  . Fix inverted bailout value in zend_runtime_jit() (Max Kellermann).
  . Fix access to uninitialized variable in accel_preload(). (nielsdos)
  . Fix zend_jit_find_trace() crashes. (Max Kellermann)
  . Added missing lock for EXIT_INVALIDATE in zend_jit_trace_exit. (Max Kellermann)

- Phar:
  . Fix wrong flags check for compression method in phar_object.c (nielsdos)

- PHPDBG:
  . Fix undefined behaviour in phpdbg_load_module_or_extension(). (nielsdos)
  . Fix NULL pointer dereference in phpdbg_create_conditional_breal(). (nielsdos)
  . Fix GH-9710: phpdbg memory leaks by option "-h" (nielsdos)
  . Fix phpdbg segmentation fault in case of malformed input (nielsdos)

- Posix:
  . Fix memory leak in posix_ttyname() (girgias)

- Random:
  . Fixed bug GH-10247 (Theoretical file descriptor leak for /dev/urandom). (timwolla)

- Standard:
  . Fix GH-10187 (Segfault in stripslashes() with arm64). (nielsdos)
  . Fixed bug GH-10214 (Incomplete validation of object syntax during
    unserialize()). (timwolla)
  . Fix substr_replace with slots in repl_ht being UNDEF. (nielsdos)

- XMLWriter
  . Fix missing check for xmlTextWriterEndElement (nielsdos)

05 Jan 2023, PHP 8.2.1

- Core:
  . Fixed bug GH-9905 (constant() behaves inconsistent when class is undefined).
    (cmb)
  . Fixed bug GH-9918 (License information for xxHash is not included in
    README.REDIST.BINS file). (Akama Hitoshi)
  . Fixed bug GH-9890 (OpenSSL legacy providers not available on Windows). (cmb)
  . Fixed bug GH-9650 (Can't initialize heap: [0x000001e7]). (Michael Voříšek)
  . Fixed potentially undefined behavior in Windows ftok(3) emulation. (cmb)
  . Fixed GH-9769 (Misleading error message for unpacking of objects). (jhdxr)

- Apache:
  . Fixed bug GH-9949 (Partial content on incomplete POST request). (cmb)

- FPM:
  . Fixed bug GH-9959 (Solaris port event mechanism is still broken after bug
    #66694). (Petr Sumbera)
  . Fixed bug #68207 (Setting fastcgi.error_header can result in a WARNING).
    (Jakub Zelenka)
  . Fixed bug #80669 (FPM numeric user fails to set groups). (Jakub Zelenka)
  . Fixed bug GH-8517 (Random crash of FPM master process in
    fpm_stdio_child_said). (Jakub Zelenka)

- Imap:
  . Fixed bug GH-10051 (IMAP: there's no way to check if a IMAP\Connection is
    still open). (Girgias)

- MBString:
  . Fixed bug GH-9535 (The behavior of mb_strcut in mbstring has been changed in
    PHP8.1). (Nathan Freeman)

- Opcache:
  . Fixed bug GH-9968 (Segmentation Fault during OPCache Preload).
    (Arnaud, michdingpayc)

- OpenSSL:
  . Fixed bug GH-9997 (OpenSSL engine clean up segfault). (Jakub Zelenka)
  . Fixed bug GH-9064 (PHP fails to build if openssl was built with --no-ec).
    (Jakub Zelenka)
  . Fixed bug GH-10000 (OpenSSL test failures when OpenSSL compiled with
    no-dsa). (Jakub Zelenka)

- Pcntl:
  . Fixed bug GH-9298 (Signal handler called after rshutdown leads to crash).
    (Erki Aring)

- PDO_Firebird:
  . Fixed bug GH-9971 (Incorrect NUMERIC value returned from PDO_Firebird).
    (cmb)

- PDO/SQLite:
  . Fixed bug #81740 (PDO::quote() may return unquoted string). (CVE-2022-31631)
    (cmb)

- Session:
  . Fixed GH-9932 (session name silently fails with . and [). (David Carlier)

- SPL:
  . Fixed GH-9883 (SplFileObject::__toString() reads next line). (Girgias)
  . Fixed GH-10011 (Trampoline autoloader will get reregistered and cannot be
    unregistered). (Girgias)

- SQLite3:
  . Fixed bug #81742 (open_basedir bypass in SQLite3 by using file URI). (cmb)

- TSRM:
  . Fixed Windows shmget() wrt. IPC_PRIVATE. (Tyson Andre)

08 Dec 2022, PHP 8.2.0

- CLI:
  . Fixed bug #81496 (Server logs incorrect request method). (lauri)
  . Updated the mime-type table for the builtin-server. (Ayesh Karunaratne)
  . Fixed potential overflow for the builtin server via the
    PHP_CLI_SERVER_WORKERS environment variable. (yiyuaner)
  . Fixed GH-8575 by changing STDOUT, STDERR and STDIN to not close on resource
    destruction. (Jakub Zelenka)
  . Implement built-in web server responding without body to HEAD request on
    a static resource. (Vedran Miletic, Marin Martuslovic)
  . Implement built-in web server responding with HTTP status 405 to
    DELETE/PUT/PATCH request on a static resource.
    (Vedran Miletic, Marin Martuslovic)
  . Fixed bug GH-9709 (Null pointer dereference with -w/-s options).
    (Adam Saponara)

- COM:
  . Fixed bug GH-8750 (Can not create VT_ERROR variant type). (cmb)

- Core:
  . Fixed bug #81380 (Observer may not be initialized properly). (krakjoe)
  . Fixed bug GH-7771 (Fix filename/lineno of constant expressions). (ilutov)
  . Fixed bug GH-7792 (Improve class type in error messages). (ilutov)
  . Support huge pages on MacOS. (David CARLIER)
  . Fixed bug GH-8655 (Casting an object to array does not unwrap refcount=1
    references). (Nicolas Grekas)
  . Fixed bug GH-8661 (Nullsafe in coalesce triggers undefined variable
    warning). (ilutov)
  . Fixed bug GH-7821 and GH-8418 (Allow arbitrary const expressions in backed
    enums). (ilutov)
  . Fixed bug GH-8810 (Incorrect lineno in backtrace of multi-line function
    calls). (ilutov)
  . Optimised code path for newly created file with the stream plain wrapper. (Max Kellermann)
  . Uses safe_perealloc instead of perealloc for the
    ZEND_PTR_STACK_RESIZE_IF_NEEDED to avoid possible overflows. (David Carlier)
  . Reduced the memory footprint of strings returned by var_export(),
    json_encode(), serialize(), iconv_*(), mb_ereg*(), session_create_id(),
    http_build_query(), strstr(), Reflection*::__toString(). (Arnaud)
  . Fixed bug GH-8995 (WeakMap object reference offset causing TypeError).
    (Tobias Bachert)
  . Added error_log_mode ini setting. (Mikhail Galanin)
  . Updated request startup messages. (Eric Norris)
  . Fixed bug GH-7900 (Arrow function with never return type compile-time
    errors). (ilutov)
  . Fixed incorrect double to long casting in latest clang. (zeriyoshi)
  . Added support for defining constants in traits. (sj-i)
  . Stop incorrectly emitting false positive deprecation notice alongside
    unsupported syntax fatal error for `"{$g{'h'}}"`. (TysonAndre)
  . Fix unexpected deprecated dynamic property warning, which occurred when
    exit() in finally block after an exception was thrown without catching.
    (Twosee)
  . Fixed bug GH-9323 (Crash in ZEND_RETURN/GC/zend_call_function)
    (Tim Starling)
  . Fixed bug GH-9227 (Trailing dots and spaces in filenames are ignored).
    (cmb)
  . Fixed bug GH-9285 (Traits cannot be used in readonly classes).
    (kocsismate)
  . Fixed bug GH-9186 (@strict-properties can be bypassed using
    unserialization). (kocsismate)
  . Fixed bug GH-9500 (Using dnf type with parentheses after readonly keyword
    results in a parse error). (ilutov)
  . Fixed bug GH-9516 ((A&B)|D as a param should allow AB or D. Not just A).
    (Girgias)
  . Fixed observer class notify with Opcache file_cache_only=1. (ilutov)
  . Fixes segfault with Fiber on FreeBSD i386 architecture. (David Carlier)
  . Fixed bug GH-9655 (Pure intersection types cannot be implicitly nullable)
    (Girgias)
  . Fixed bug GH-9589 (dl() segfaults when module is already loaded). (cmb,
    Arnaud)
  . Fixed bug GH-9752 (Generator crashes when interrupted during argument
    evaluation with extra named params). (Arnaud)
  . Fixed bug GH-9801 (Generator crashes when memory limit is exceeded during
    initialization). (Arnaud)
  . Fixed a bug with preloaded enums possibly segfaulting. (Bob)
  . Fixed bug GH-9823 (Don’t reset func in zend_closure_internal_handler).
    (Florian Sowade)
  . Fixed potential NULL pointer dereference Windows shm*() functions. (cmb)
  . Fix target validation for internal attributes with constructor property
    promotion. (kooldev)
  . Fixed bug GH-9750 (Generator memory leak when interrupted during argument
    evaluation. (Arnaud)

- Curl:
  . Added support for CURLOPT_XFERINFOFUNCTION. (David Carlier)
  . Added support for CURLOPT_MAXFILESIZE_LARGE. (David Carlier)
  . Added new constants from cURL 7.62 to 7.80. (Pierrick)
  . New function curl_upkeep(). (Pierrick)

- Date:
  . Fixed GH-8458 (DateInterval::createFromDateString does not throw if
    non-relative items are present). (Derick)
  . Fixed bug #52015 (Allow including end date in DatePeriod iterations)
    (Daniel Egeberg, Derick)
  . idate() now accepts format specifiers "N" (ISO Day-of-Week) and "o" (ISO
    Year). (Pavel Djundik)
  . Fixed bug GH-8730 (DateTime::diff miscalculation is same time zone of
    different type). (Derick)
  . Fixed bug GH-8964 (DateTime object comparison after applying delta less
    than 1 second). (Derick)
  . Fixed bug GH-9106: (DateInterval 1.5s added to DateTimeInterface is rounded
    down since PHP 8.1.0). (Derick)
  . Fixed bug #75035 (Datetime fails to unserialize "extreme" dates).
    (Derick)
  . Fixed bug #80483 (DateTime Object with 5-digit year can't unserialized).
    (Derick)
  . Fixed bug #81263 (Wrong result from DateTimeImmutable::diff). (Derick)
  . Fixed bug GH-9431 (DateTime::getLastErrors() not returning false when no
    errors/warnings). (Derick)
  . Fixed bug with parsing large negative numbers with the @ notation. (Derick)

- DBA:
  . Fixed LMDB driver hanging when attempting to delete a non-existing key
    (Girgias)
  . Fixed LMDB driver memory leak on DB creation failure (Girgias)
  . Fixed GH-8856 (dba: lmdb: allow to override the MDB_NOSUBDIR flag). (Girgias)

- FFI:
  . Fixed bug GH-9090 (Support assigning function pointers in FFI). (Adam
    Saponara)

- Fileinfo:
  . Fixed bug GH-8805 (finfo returns wrong mime type for woff/woff2 files).
    (Anatol)

- Filter:
  . Added FILTER_FLAG_GLOBAL_RANGE to filter Global IPs. (vnsavage)

- FPM:
  . Emit error for invalid port setting. (David Carlier)
  . Added extra check for FPM proc dumpable on SELinux based systems.
    (David Carlier)
  . Added support for listening queue on macOS. (David Carlier)
  . Changed default for listen.backlog on Linux to -1. (Cristian Rodríguez)
  . Added listen.setfib pool option to set route FIB on FreeBSD. (David Carlier)
  . Added access.suppress_path pool option to filter access log entries.
    (Mark Gallagher)
  . Fixed on fpm scoreboard occasional warning on acquisition failure.
    (Felix Wiedemann)
  . Fixed bug GH-9754 (SaltStack (using Python subprocess) hangs when running
    php-fpm 8.1.11). (Jakub Zelenka)

- FTP:
  . Fix datetime format string to follow POSIX spec in ftp_mdtm(). (Jihwan Kim)

- GD:
  . Fixed bug #81739: OOB read due to insufficient input validation in
    imageloadfont(). (CVE-2022-31630) (cmb)

- GMP:
  . Fixed bug GH-9308 (GMP throws the wrong error when a GMP object is passed
    to gmp_init()). (Girgias)

- Hash:
  . Fixed bug #81738: buffer overflow in hash_update() on long parameter.
    (CVE-2022-37454) (nicky at mouha dot be)
  . Fixed bug GH-10077: Fix compilation on RHEL 7 ppc64le. (Mattias Ellert)

- Intl:
  . Update all grandfathered language tags with preferred values
  . Fixed GH-7939 (Cannot unserialize IntlTimeZone objects). (cmb)
  . Fixed build for ICU 69.x and onwards. (David Carlier)
  . Declared Transliterator::$id as readonly to unlock subclassing it. (Nicolas
    Grekas)
  . Fixed bug GH-9421 (Incorrect argument number for ValueError in NumberFormatter).
    (Girgias)

- MBString:
  . Fixed bug GH-9248 (Segmentation fault in mb_strimwidth()). (cmb)

- mysqli:
  . Fixed bug GH-9841 (mysqli_query throws warning despite using
    silenced error mode). (Kamil Tekiela)

- MySQLnd:
  . Fixed potential heap corruption due to alignment mismatch. (cmb)

- OCI8:
  . Added oci8.prefetch_lob_size directive to tune LOB query performance
  . Support for building against Oracle Client libraries 10.1 and 10.2 has been
    dropped. Oracle Client libraries 11.2 or newer are now required.

- ODBC:
  . Fixed bug GH-8300 (User input not escaped when building connection string).
    (Calvin Buckley)
  . Fixed bug GH-9347 (Current ODBC liveness checks may be inadequate). (Calvin
    Buckley)

- Opcache:
  . Allocate JIT buffer close to PHP .text segemnt to allow using direct
    IP-relative calls and jumps.
    (Su Tao, Wang Xue, Chen Hu, Lizhen Lizhen, Dmitry)
  . Added initial support for JIT performance profiling generation
    for macOs Instrument. (David Carlier)
  . Fixed bug GH-8030 (Segfault with JIT and large match/switch statements).
    (Arnaud)
  . Added JIT support improvement for macOs for segments and executable permission
    bit handling. (David Carlier)
  . Added JIT buffer allocation near the .text section on FreeNSD. (David Carlier)
  . Fixed bug GH-9371 (Crash with JIT on mac arm64)
    (jdp1024/David Carlier)
  . Fixed bug GH-9259 (opcache.interned_strings_buffer setting integer
    overflow). (Arnaud)
  . Added indirect call reduction for jit on x86 architectures. (wxue1)

- OPcache:
  . Fixed bug GH-9164 (Segfault in zend_accel_class_hash_copy).
    (Arnaud, Sergei Turchanov)

- OpenSSL:
  . Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT. (Max Kellermann)
  . Fixed bug GH-9310 (SSL local_cert and local_pk do not respect
    open_basedir). (Jakub Zelenka)
  . Implement FR #76935 ("chacha20-poly1305" is an AEAD but does not work like
    AEAD). (Jakub Zelenka)
  . Added openssl_cipher_key_length function. (Jakub Zelenka)
  . Fixed bug GH-9517 (Compilation error openssl extension related to PR
    GH-9366). (Jakub Zelenka)
  . Fixed missing clean up of OpenSSL engine list - attempt to fix GH-8620.
    (Jakub Zelenka)
  . Fixed bug GH-8430 (OpenSSL compiled with no-md2, no-md4 or no-rmd160 does
    not build). (Jakub Zelenka, fsbruva)

- PCNTL:
  . Fixed pcntl_(get|set)priority error handling for MacOS. (Juan Morales)

- PCRE:
  . Implemented FR #77726 (Allow null character in regex patterns). (tobil4sk)
  . Updated bundled libpcre to 10.40. (cmb)

- PDO:
  . Fixed bug GH-9818 (Initialize run time cache in PDO methods).
    (Florian Sowade)

- PDO_Firebird:
  . Fixed bug GH-8576 (Bad interpretation of length when char is UTF-8). (cmb)

- PDO_ODBC:
  . Fixed bug #80909 (crash with persistent connections in PDO_ODBC). (Calvin
    Buckley)
  . Fixed bug GH-8300 (User input not escaped when building connection string).
    (Calvin Buckley)
  . Fixed bug GH-9347 (Current ODBC liveness checks may be inadequate). (Calvin
    Buckley)
  . Fixed bug GH-9372 (HY010 when binding overlong parameter). (cmb)

- PDO_PGSQL:
  . Fixed bug GH-9411 (PgSQL large object resource is incorrectly closed).
    (Yurunsoft)

- Random:
  . Added new random extension. (Go Kudo)
  . Fixed bug GH-9067 (random extension is not thread safe). (cmb)
  . Fixed bug GH-9055 (segmentation fault if user engine throws). (timwolla)
  . Fixed bug GH-9066 (signed integer overflow). (zeriyoshi)
  . Fixed bug GH-9083 (undefined behavior during shifting). (timwolla)
  . Fixed bug GH-9088, GH-9056 (incorrect expansion of bytes when
    generating uniform integers within a given range). (timwolla)
  . Fixed bug GH-9089 (Fix memory leak on Randomizer::__construct()
    call twice). (zeriyoshi)
  . Fixed bug GH-9212 (PcgOneseq128XslRr64::jump() should not allow negative
    $advance). (Anton Smirnov)
  . Changed Mt19937 to throw a ValueError instead of InvalidArgumentException
    for invalid $mode. (timwolla)
  . Splitted Random\Randomizer::getInt() (without arguments) to
    Random\Randomizer::nextInt(). (zeriyoshi)
  . Fixed bug GH-9235 (non-existant $sequence parameter in stub for
    PcgOneseq128XslRr64::__construct()). (timwolla)
  . Fixed bug GH-9190, GH-9191 (undefined behavior for MT_RAND_PHP when
    handling large ranges). (timwolla)
  . Fixed bug GH-9249 (Xoshiro256StarStar does not reject the invalid
    all-zero state). (timwolla)
  . Removed redundant RuntimeExceptions from Randomizer methods. The
    exceptions thrown by the engines will be exposed directly. (timwolla)
  . Added extension specific Exceptions/Errors (RandomException, RandomError,
    BrokenRandomEngineError). (timwolla)
  . Fixed bug GH-9415 (Randomizer::getInt(0, 2**32 - 1) with Mt19937
    always returns 1). (timwolla)
  . Fixed Randomizer::getInt() consistency for 32-bit engines. (timwolla)
  . Fixed bug GH-9464 (build on older macOs releases). (David Bohman)
  . Fixed bug GH-9839 (Pre-PHP 8.2 output compatibility for non-mt_rand()
    functions for MT_RAND_PHP). (timwolla)

- Reflection:
  . Added ReflectionFunction::isAnonymous(). (Nicolas Grekas)
  . Added ReflectionMethod::hasPrototype(). (Ollie Read)
  . Narrow ReflectionEnum::getBackingType() return type to ReflectionNamedType.
    (SamMousa)
  . Fixed bug GH-8932 (ReflectionFunction provides no way to get the called
    class of a Closure). (cmb, Nicolas Grekas)

- Session:
  . Fixed bug GH-7787 (Improve session write failure message for user error
    handlers). (ilutov)
  . Fixed GH-9200 (setcookie has an obsolete expires date format). (timwolla)
  . Fixed GH-9584 (Avoid memory corruption when not unregistering custom session
    handler). (ilutov)
  . Fixed bug GH-9583 (session_create_id() fails with user defined save handler
      that doesn't have a validateId() method). (Girgias)

- SOAP:
  . Fixed bug GH-9720 (Null pointer dereference while serializing the response).
    (cmb)

- Sockets:
  . Added TCP_NOTSENT_LOWAT socket option. (David Carlier)
  . Added SO_MEMINFO socket option. (David Carlier)
  . Added SO_RTABLE socket option (OpenBSD), equivalent of SO_MARK (Linux).
    (David Carlier)
  . Added TCP_KEEPALIVE, TCP_KEEPIDLE, TCP_KEEPINTVL, TCP_KEEPCNT socket
    options. (David Carlier)
  . Added ancillary data support for FreeBSD. (David Carlier)
  . Added ancillary data support for NetBSD. (David Carlier)
  . Added SO_BPF_EXTENSIONS socket option. (David Carlier)
  . Added SO_SETFIB socket option. (David Carlier)
  . Added TCP_CONGESTION socket option. (David Carlier)
  . Added SO_ZEROCOPY/MSG_ZEROCOPY options. (David Carlier)
  . Added SOL_FILTER socket option for Solaris. (David Carlier)
  . Fixed socket constants regression as of PHP 8.2.0beta3. (Bruce Dou)

- Sodium:
  . Added sodium_crypto_stream_xchacha20_xor_ic(). (Scott)

- SPL:
  . Uses safe_erealloc instead of erealloc to handle heap growth
    for the SplHeap::insert method to avoid possible overflows. (David Carlier)
  . Widen iterator_to_array() and iterator_count()'s $iterator parameter to
    iterable. (timwolla)
  . Fixed bug #69181 (READ_CSV|DROP_NEW_LINE drops newlines within fields).
    (cmb)
  . Fixed bug #65069 (GlobIterator incorrect handling of open_basedir check).
    (Jakub Zelenka)

- SQLite3:
  . Changed sqlite3.defensive from PHP_INI_SYSTEM to PHP_INI_USER. (bohwaz)

- Standard:
  . net_get_interfaces() also reports wireless network interfaces on Windows.
    (Yurun)
  . Finished AVIF support in getimagesize(). (Yannis Guyon)
  . Fixed bug GH-7847 (stripos with large haystack has bad performance).
    (ilutov)
  . New function memory_reset_peak_usage(). (Patrick Allaert)
  . Fixed parse_url(): can not recognize port without scheme. (pandaLIU)
  . Deprecated utf8_encode() and utf8_decode(). (Rowan Tommins)
  . Fixed the crypt_sha256/512 api build with clang > 12. (David Carlier)
  . Uses safe_erealloc instead of erealloc to handle options in getopt
    to avoid possible overflows. (David Carlier)
  . Implemented FR GH-8924 (str_split should return empty array for empty
    string). (Michael Vorisek)
  . Added ini_parse_quantity function to convert ini quantities shorthand
    notation to int. (Dennis Snell)
  . Enable arc4random_buf for Linux glibc 2.36 and onwards
    for the random_bytes. (Cristian Rodriguez)
  . Uses CCRandomGenerateBytes instead of arc4random_buf on macOs. (David Carlier).
  . Fixed bug #65489 (glob() basedir check is inconsistent). (Jakub Zelenka)
  . Fixed GH-9200 (setcookie has an obsolete expires date format). (Derick)
  . Fixed GH-9244 (Segfault with array_multisort + array_shift). (cmb)
  . Fixed bug GH-9296 (`ksort` behaves incorrectly on arrays with mixed keys).
    (Denis Vaksman)
  . Marked crypt()'s $string parameter as #[\SensitiveParameter]. (timwolla)
  . Fixed bug GH-9464 (build on older macOs releases). (David Bohman)
  . Fixed bug GH-9518 (Disabling IPv6 support disables unrelated constants).
    (cmb)
  . Revert "Fixed parse_url(): can not recognize port without scheme."
    (andypost)

- Streams:
  . Set IP_BIND_ADDRESS_NO_PORT if available when connecting to remote host.
    (Cristian Rodríguez)
  . Fixed bug GH-8548 (stream_wrapper_unregister() leaks memory). (ilutov)
  . Discard poll calls on socket when no timeout/non blocking/MSG_DONTWAIT. (Max Kellermann)
  . Fixed bug GH-9316 ($http_response_header is wrong for long status line).
    (cmb, timwolla)
  . Fixed bug GH-9590 (stream_select does not abort upon exception or empty
    valid fd set). (Arnaud)
  . Fixed bug GH-9653 (file copy between different filesystems). (David Carlier)
  . Fixed bug GH-9779 (stream_copy_to_stream fails if dest in append mode).
    (Jakub Zelenka)

- Windows:
  . Added preliminary support for (cross-)building for ARM64. (Yun Dou)

- XML:
  . Added libxml_get_external_entity_loader() function. (Tim Starling)

- Zip:
  . add ZipArchive::clearError() method
  . add ZipArchive::getStreamName() method
  . add ZipArchive::getStreamIndex() method
  . On Windows, the Zip extension is now built as shared library (DLL) by
    default. (cmb)
  . Implement fseek for zip stream when possible with libzip 1.9.1. (Remi)